CVE-2014-9336: XSS
First published: Fri Dec 19 2014(Updated: )
Multiple cross-site request forgery (CSRF) vulnerabilities in the iTwitter plugin 0.04 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) itex_t_twitter_username or (2) itex_t_twitter_userpass parameter in the iTwitter.php page to wp-admin/options-general.php.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| <=0.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2014-9336?
CVE-2014-9336 is classified as a medium severity vulnerability due to its potential impact on user authentication and exposure to cross-site scripting attacks.
How do I fix CVE-2014-9336?
To fix CVE-2014-9336, update the iTwitter plugin to version 0.05 or later which addresses these CSRF vulnerabilities.
Who is affected by CVE-2014-9336?
Administrators using iTwitter plugin version 0.04 or earlier on WordPress are affected by CVE-2014-9336.
What type of attack does CVE-2014-9336 enable?
CVE-2014-9336 enables remote attackers to perform cross-site request forgery (CSRF) attacks that could lead to cross-site scripting (XSS) exploits.
Can CVE-2014-9336 lead to data breaches?
Yes, if exploited, CVE-2014-9336 can potentially lead to unauthorized actions being performed on behalf of the user, which may result in data breaches.
- agent/references
- agent/weakness
- agent/softwarecombine
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/last-modified-date
- agent/severity
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/itwitter project
- canonical/twitter
- version/twitter/0.04