Twitter Posts to Blog WordPress Plugin Missing Authorization Vulnerability

Vulnerability

A missing authorization vulnerability exists in the Twitter Posts to Blog plugin for WordPress, affecting all versions up to and including 1.11.25. The 'dg_tw_options' function lacks a proper capability check, which allows unauthorized users to modify plugin settings. This includes the ability to change Twitter API credentials, post author, post status, and the permissions required to access the plugin's admin menu.

Impact

Exploitation of this vulnerability allows unauthorized users to modify plugin settings, potentially leading to unauthorized access to, or manipulation of, WordPress posts through the plugin.

Reproduction

The vulnerability can be reproduced by sending a request to the 'dg_tw_options' function without the necessary authorization. An unauthenticated user can do this and then modify various plugin settings, including Twitter API credentials and post-related options.

Remediation

No known patch is available. It is recommended to review the vulnerability details and consider uninstalling the affected plugin.
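Because every release up to and including 1.11.25 is affected and no patch is known, the practical first step is finding where the plugin is installed. The following inventory check is an added example, not code from the plugin or from this advisory's publisher; it assumes the plugin's header declares "Plugin Name: Twitter Posts to Blog", and the directory names and version 1.12.0 in the sample tree are constructed.

```python
import re
import tempfile
from pathlib import Path

PLUGIN_NAME = "Twitter Posts to Blog"  # name from the advisory; exact header text is an assumption
LAST_AFFECTED = (1, 11, 25)            # advisory: all versions up to and including 1.11.25
HEADER_RE = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t]*$", re.M | re.I)

def read_header(php_file):
    """Read header fields from the first 8 KiB of the file, the span WordPress itself scans."""
    text = php_file.read_bytes()[:8192].decode("utf-8", "replace")
    fields = {}
    for key, value in HEADER_RE.findall(text):
        fields.setdefault(key.lower(), value.strip())
    return fields

def parse_version(value):
    """Keep the leading numeric components only: '1.11.25-beta' -> (1, 11, 25)."""
    m = re.match(r"\d+(?:\.\d+)*", value or "")
    return tuple(int(p) for p in m.group().split(".")) if m else None

def is_affected(version):
    # A missing or unparseable version counts as affected: no fixed release is known.
    if version is None:
        return True
    while version and version[-1] == 0:  # treat 1.11.25.0 as 1.11.25
        version = version[:-1]
    return version <= LAST_AFFECTED

def scan(wp_root):
    """Return (plugin_dir, version_string, affected) for each matching install under wp_root."""
    findings = []
    for php_file in sorted(Path(wp_root).glob("wp-content/plugins/*/*.php")):
        header = read_header(php_file)
        if header.get("plugin name", "").lower() == PLUGIN_NAME.lower():
            version = header.get("version")
            findings.append((php_file.parent.name, version, is_affected(parse_version(version))))
    return findings

def demo():
    """Build a constructed sample tree (made-up directory names and versions) and scan it."""
    with tempfile.TemporaryDirectory() as root:
        for name, ver in {"tw-plugin-a": "1.11.25", "tw-plugin-b": "1.12.0"}.items():
            plugin_dir = Path(root, "wp-content/plugins", name)
            plugin_dir.mkdir(parents=True)
            (plugin_dir / "main.php").write_text(f"<?php\n/*\n * Plugin Name: {PLUGIN_NAME}\n * Version: {ver}\n */\n")
        return scan(root)

if __name__ == "__main__":
    print(demo())
```

Run `scan()` against each WordPress document root; any row flagged as affected is a candidate for removal, as recommended above.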

Added: Feb 11, 2026, 9:26 AM
Updated: Feb 11, 2026, 4:45 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 5.0
exploitability: 8.4
remediation: 0.0
relevance: 2.7
threat: 4.8
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.