WordPress Plugin Vulnerabilities

Nextend Twitter Connect <= 1.5.1 - Reflected Cross-Site Scripting (XSS)

Description

The nextend-twitter-connect WordPress plugin was affected by a Reflected Cross-Site Scripting (XSS) security vulnerability.

Affects Plugins

Plugin icon
nextend-twitter-connect
Fixed in 1.5.2

References

CVE
CVE-2015-4557
URL
https://packetstormsecurity.com/files/#132432/
URL
https://seclists.org/fulldisclosure/2015/Jun/71

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
77dc69f3-f823-4d98-a60a-ffb9ed7b0deb

Timeline

Publicly Published
2015-06-24 (about 10 years ago)
Added
2015-06-24 (about 10 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2025-01-24
Title
HT Conctact Form 7 < 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2023-05-29
Title
Super Socializer < 7.13.52 - Reflected XSS
Published
2014-08-01
Title
LBG Zoominoutslider - add_banner.php Unspecified XSS
Published
2024-07-04
Title
Apollo13 Framework Extensions < 1.9.4 - Authenticated (Author+) Stored Cross-Site Scripting
Published
2024-07-09
Title
FormFlow < 2.12.2 - Admin+ Stored XSS