WordPress Plugin Vulnerabilities

ThinkTwit < 1.7.1 - Authenticated Stored Cross-Site Scripting (XSS)

Description

The plugin did not sanitise or escape its "Consumer key" setting before outputting it its settings page, leading to a Stored Cross-Site Scripting issue.

Proof of Concept

Affects Plugins

Plugin icon
thinktwit
Fixed in 1.7.1

References

CVE
CVE-2021-24582

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
3.5 (low)

Miscellaneous

Original Researcher
Vinit Yashwantrao
Submitter
Vinit Yashwantrao
Verified
Yes
WPVDB ID
5a5293ed-ddcb-4a63-9420-09942e7d69c2

Timeline

Publicly Published
2021-08-18 (about 4 years ago)
Added
2021-08-18 (about 4 years ago)
Last Updated
2022-04-09 (about 3 years ago)

Other

Published
Title
Published
2024-12-30
Title
ShopElement < 2.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2014-11-26
Title
Contact Form DB <= 2.8.17 - Reflected XSS in Admin Area
Published
2024-06-22
Title
SULly < 4.3.1 - Plugin Reset via CSRF
Published
2025-03-24
Title
NextGEN Gallery Voting <= 2.7.6 - Reflected Cross-Site Scripting
Published
2025-08-04
Title
Download Counter < 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via name Parameter