CVE-2018-20555

CRITICAL

Design Chemical Social Network Tabs 1.7.1 - Exposure of Sensitive Twitter Credentials via dcwp_twitter.php


Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-20555. PoCs published by fs0c131y.

AI-analyzed exploit summary: This repository contains a proof-of-concept for CVE-2018-20555, which involves the leakage of Twitter API keys from the WordPress Social Network Tabs plugin. The PoC includes a scraper to find vulnerable sites and tools to test and exploit the leaked keys.

Description

The Design Chemical Social Network Tabs plugin 1.7.1 for WordPress allows remote attackers to discover Twitter access_token, access_token_secret, consumer_key, and consumer_secret values by reading the dcwp_twitter.php source code. This leads to Twitter account takeover.

Exploits (1)

nomisec WORKING POC 73 stars
by fs0c131y · poc
https://github.com/fs0c131y/CVE-2018-20555

Classification: Working PoC | Scanner 95%
Attack Type: Info Leak
Complexity: Moderate
Reliability: Reliable
Target: WordPress Social Network Tabs plugin
No auth needed
Prerequisites: Access to search engines like Google, Bing, or Baidu · Twitter API keys leaked via vulnerable plugin
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Exploit, Third Party Advisory x_refsource_misc
https://wpvulndb.com/vulnerabilities/9204
Exploit, Third Party Advisory x_refsource_misc
https://twitter.com/fs0c131y/status/1085828186708066304
Exploit, Third Party Advisory x_refsource_misc
https://github.com/fs0c131y/CVE-2018-20555

Scores

CVSS v3: 9.8
EPSS: 0.1040
EPSS Percentile: 95.1%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-200
Status: published
Products (1): designchemical/social_network_tabs 1.7.1
Published: Mar 21, 2019
Tracked Since: Feb 18, 2026