CVE-2010-4825

WordPress wp-twitter-feed 0.3.1 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in magpie_debug.php in the Twitter Feed plugin (wp-twitter-feed) 0.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the url parameter.

References (5)

[Vendor Advisory] http://secunia.com/advisories/42542

[Exploit] http://www.johnleitch.net/Vulnerabilities/WordPress.Twitter.Feed.0.3.1.Reflected.Cross-site.Scripting/68

[Exploit] http://www.osvdb.org/69760

[Exploit] http://www.securityfocus.com/bid/45294

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/63942

Scores

EPSS 0.0024

EPSS Percentile 47.0%

Classification

CWE

CWE-79

Status published

Affected Products (2)

pleer/wp-twitter-feed

n/a/n/a

Timeline

Published Aug 24, 2011

Tracked Since Feb 18, 2026