Required CVE Record Information
Description
Cross-site scripting (XSS) vulnerability in the new_Twitter_sign_button function in nextend-Twitter-connect.php in the Nextend Twitter Connect plugin before 1.5.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the redirect_to parameter. NOTE: this may overlap CVE-2015-4413.
References 4 Total
- seclists.org: 20151231 CVE-2015-4557 - Wordpress "Nextend Twitter Connect" & "Nextend Google Connect" Cross Site Scripting mailing-list
- securityfocus.com: 75395 vdb-entry
- http://packetstormsecurity.com/files/132432/WordPress-Nextend-Twitter-Connect-1.5.1-Cross-Site-Scripting.html
- https://plugins.trac.wordpress.org/changeset/1178744/nextend-twitter-connect
This container includes required additional information provided by the CVE Program for this vulnerability.
References 4 Total
- seclists.org: 20151231 CVE-2015-4557 - Wordpress "Nextend Twitter Connect" & "Nextend Google Connect" Cross Site Scripting mailing-list x_transferred
- securityfocus.com: 75395 vdb-entry x_transferred
- http://packetstormsecurity.com/files/132432/WordPress-Nextend-Twitter-Connect-1.5.1-Cross-Site-Scripting.html x_transferred
- https://plugins.trac.wordpress.org/changeset/1178744/nextend-twitter-connect x_transferred