Vulnerabilities

CVE-2018-20555

by Fred · 18/03/2019

The Design Chemical Social Network Tabs plugin 1.7.1 for WordPress allows remote attackers to discover Twitter access_token, access_token_secret, consumer_key, and consumer_secret values by reading the dcwp_twitter.php source code. This leads to Twitter account takeover.

Date published : 2019-03-18

https://github.com/fs0c131y/CVE-2018-20555

Time for fun! The @WordPress plugin known as Social Network Tabs, made by Design Chemical, combines all of your favorite social networks profiles. Due to their poor coding skills I was able to take over 127 Twitter accounts #0day #infosec https://t.co/5Cd2P2NUWT

— Baptiste Robert (@fs0c131y) January 17, 2019

Similar

Tags: Cybersecurity Alert