CVE-2014-2995

Published: Oct 17, 2014Modified: May 6, 2026

3.5

Vector

AV:N/AC:M/Au:S/C:N/I:P/A:N

Exploitability: 6.8 / Impact: 2.9

Source: NVD

Description

Multiple cross-site scripting (XSS) vulnerabilities in twitget.php in the Twitget plugin before 3.3.3 for WordPress allow remote authenticated administrators to inject arbitrary web script or HTML via unspecified vectors, as demonstrated by the twitget_consumer_key parameter to wp-admin/options-general.php.

Affected (1)

Products: Twitget Project: Twitget

Twitget Project

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Twitget Project Twitget	Up to 3.3.1

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (10)

http://packetstormsecurity.com/files/126134

Source: cve@mitre.org

Exploit

http://seclists.org/fulldisclosure/2014/Apr/172

Source: cve@mitre.org

Exploit

http://wordpress.org/plugins/twitget/changelog

Source: cve@mitre.org

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/92392

Source: cve@mitre.org

https://security.dxw.com/advisories/csrfxss-vulnerability-in-twitget-3-3-1

Source: cve@mitre.org

Exploit

http://packetstormsecurity.com/files/126134

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://seclists.org/fulldisclosure/2014/Apr/172

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://wordpress.org/plugins/twitget/changelog

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/92392

Source: af854a3a-2127-422b-91ae-364da2661108

https://security.dxw.com/advisories/csrfxss-vulnerability-in-twitget-3-3-1

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

Timeline

No history available yet.