CVE-2023-0602

MEDIUM NUCLEI

Twittee Text Tweet < 1.0.8 - Reflected Cross-Site Scripting via POST Values

Title source: llm

Exploitation Summary

CVE-2023-0602 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.

Description

The Twittee Text Tweet WordPress plugin through 1.0.8 does not properly escape POST values that are printed back to the user inside one of the plugin's administrative pages, which allows reflected XSS attacks targeting administrators.

Nuclei Templates (1)

Twittee Text Tweet <= 1.0.8 - Cross-Site Scripting
MEDIUM, VERIFIED, by r3Y3r53

References (1)

Core 1
Core References
Exploit, Third Party Advisory exploit vdb-entry technical-description
https://wpscan.com/vulnerability/c357f93d-4f21-4cd9-9378-d97756c75255

Scores

CVSS v3 6.1
EPSS 0.0085
EPSS Percentile 53.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

Status published
Products (1)
johnniejodelljr/twittee_text_tweet < 1.0.8
Published Jul 31, 2023
Tracked Since Feb 18, 2026