CVE-2023-0602

MEDIUM NUCLEI

Johnniejodelljr Twittee Text Tweet < 1.0.8 - XSS

Title source: rule

Description

The Twittee Text Tweet WordPress plugin through 1.0.8 does not properly escape POST values which are printed back to the user inside one of the plugin's administrative page, which allows reflected XSS attacks targeting administrators to happen.

Nuclei Templates (1)

Twittee Text Tweet <= 1.0.8 - Cross-Site Scripting

MEDIUMVERIFIEDby r3Y3r53

References (1)

[Exploit, Third Party Advisory] https://wpscan.com/vulnerability/c357f93d-4f21-4cd9-9378-d97756c75255

Scores

CVSS v3 6.1

EPSS 0.0738

EPSS Percentile 91.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

Status published

Products (1)

johnniejodelljr/twittee_text_tweet < 1.0.8

Published Jul 31, 2023

Tracked Since Feb 18, 2026