The Design Chemical Social Network Tabs plugin 1.7.1 for WordPress allows remote attackers to discover Twitter access_token, access_token_secret, consumer_key, and consumer_secret values by reading the dcwp_twitter.php source code. This leads to Twitter account takeover.
References
Link | Resource |
---|---|
https://github.com/fs0c131y/CVE-2018-20555 | Exploit Third Party Advisory |
https://twitter.com/fs0c131y/status/1085828186708066304 | Exploit Third Party Advisory |
https://wpvulndb.com/vulnerabilities/9204 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2019-03-18T15:32:40
Updated: 2019-04-04T14:20:07
Reserved: 2018-12-28T00:00:00
Link: CVE-2018-20555
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-03-21T16:00:36.187
Modified: 2019-04-16T14:12:33.230
Link: CVE-2018-20555
JSON object: View
Redhat Information
No data.
CWE