Thinktwit
Monthly
The ThinkTwit WordPress plugin before 1.7.1 did not sanitise or escape its "Consumer key" setting before outputting it its settings page, leading to a Stored Cross-Site Scripting issue. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
The ThinkTwit WordPress plugin before 1.7.1 did not sanitise or escape its "Consumer key" setting before outputting it its settings page, leading to a Stored Cross-Site Scripting issue. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.