CVE-2023-0602: Twittee Text Tweet <= 1.0.8 - Reflected XSS
First published: Mon Jul 31 2023(Updated: )
The Twittee Text Tweet WordPress plugin through 1.0.8 does not properly escape POST values which are printed back to the user inside one of the plugin's administrative page, which allows reflected XSS attacks targeting administrators to happen.
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| <=1.0.8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2023-0602?
CVE-2023-0602 is considered a moderate severity vulnerability due to its potential for reflected XSS attacks targeting administrators.
How do I fix CVE-2023-0602?
To fix CVE-2023-0602, update the Twittee Text Tweet plugin to version 1.0.9 or later.
Who is affected by CVE-2023-0602?
CVE-2023-0602 affects all versions of the Twittee Text Tweet plugin up to and including 1.0.8 installed on WordPress sites.
What type of vulnerability is CVE-2023-0602?
CVE-2023-0602 is a reflected cross-site scripting (XSS) vulnerability related to insufficient input sanitization in an administrative page.
Can CVE-2023-0602 be exploited remotely?
Yes, CVE-2023-0602 can be exploited remotely by an attacker targeting the administrative interface of the affected plugin.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/weakness
- agent/severity
- agent/title
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-api
- agent/software-canonical-lookup-request
- collector/nvd-index
- collector/nvd-latest
- agent/author
- vendor/johnniejodelljr
- canonical/twitter
- version/twitter/1.0.8