Marketing Twitter Bot WordPress Plugin Cross-Site Request Forgery Vulnerability Allowing Stored Cross-Site Scripting

Vulnerability

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the Marketing Twitter Bot WordPress plugin, affecting versions through 1.11. The vulnerability arises because the plugin lacks proper CSRF checks in certain areas and fails to adequately sanitize and escape user input. This could enable attackers to exploit logged-in administrators by injecting Stored Cross-Site Scripting (XSS) payloads through a CSRF attack.

Impact

Exploitation of this vulnerability allows for Cross-Site Request Forgery, which could be used to inject Stored Cross-Site Scripting payloads that would be executed in the context of the user.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.7

exploitability

6.4

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.7

exploitability

6.4

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Marketing Twitter Bot WordPress Plugin Cross-Site Request Forgery Vulnerability Allowing Stored Cross-Site Scripting

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating