CVE-2018-20555
Last modified
CVE-2018-20555 is a vulnerability of currently unknown severity. The Design Chemical Social Network Tabs plugin 1.7.1 for WordPress allows remote attackers to discover Twitter access_token, access_token_secret, consumer_key, and consumer_secret values by reading the dcwp_twitter.php source code. This leads to Twitter account takeover.. EPSS estimates a 10.40% chance of exploitation in the next 30 days.
Description
The Design Chemical Social Network Tabs plugin 1.7.1 for WordPress allows remote attackers to discover Twitter access_token, access_token_secret, consumer_key, and consumer_secret values by reading the dcwp_twitter.php source code. This leads to Twitter account takeover.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Designchemical | Social Network Tabs | 1.7.1 |
References
- https://github.com/fs0c131y/CVE-2018-20555Exploit, Third Party Advisory
- https://twitter.com/fs0c131y/status/1085828186708066304Exploit, Third Party Advisory
- https://wpvulndb.com/vulnerabilities/9204Exploit, Third Party Advisory
- https://github.com/fs0c131y/CVE-2018-20555Exploit, Third Party Advisory
- https://twitter.com/fs0c131y/status/1085828186708066304Exploit, Third Party Advisory
- https://wpvulndb.com/vulnerabilities/9204Exploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-20555?
How severe is CVE-2018-20555?
How do I fix CVE-2018-20555?
Are you affected by CVE-2018-20555?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST