Cross-Site Scripting (XSS) in Tweet Blender Wordpress Plugin
|Product:||Tweet Blender Wordpress Plugin|
|Vulnerable Versions:||4.0.1 and probably prior|
|Advisory Publication:||October 25, 2013 [without technical details]|
|Vendor Notification:||October 25, 2013|
|Vendor Fix:||November 13, 2013|
|Public Disclosure:||November 15, 2013|
|Latest Update:||November 13, 2013|
|Vulnerability Type:||Cross-Site Scripting [CWE-79]|
|CVSSv2 Base Score:||2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N)|
|Solution Status:||Fixed by Vendor|
|Discovered and Provided:||High-Tech Bridge Security Research Lab|
High-Tech Bridge Security Research Lab discovered vulnerability in Tweet Blender Wordpress Plugin, which can be exploited to perform Cross-Site Scripting (XSS) attacks.
|Update to Tweet Blender 4.0.2|
| High-Tech Bridge Advisory HTB23180 - https://www.htbridge.com/advisory/HTB23180 - Cross-Site Scripting (XSS) in Tweet Blender Wordpress Plugin.|
 Tweet Blender Wordpress Plugin - http://wordpress.org/plugins/tweet-blender/ - Provides several Twitter widgets: show your own tweets, show tweets relevant to post's tags, show tweets for Twitter lists, show tweets for hasht .
 Common Vulnerabilities and Exposures (CVE) - http://cve.mitre.org/ - international in scope and free for public use, CVE® is a dictionary of publicly known information security vulnerabilities and exposures.
 Common Weakness Enumeration (CWE) - http://cwe.mitre.org - targeted to developers and security practitioners, CWE is a formal list of software weakness types.
 ImmuniWeb® - a PCI compliant web application penetration test combined with managed vulnerability scan. Configure, schedule, and manage online 24/7.
Please feel free to send us any additional information related to this Advisory, such as vulnerable versions, additional exploitation details and conditions, patches and other relevant details.