Vulnerability Details CVE-2015-4557
Cross-site scripting (XSS) vulnerability in the new_Twitter_sign_button function in nextend-Twitter-connect.php in the Nextend Twitter Connect plugin before 1.5.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the redirect_to parameter. NOTE: this may overlap CVE-2015-4413.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 60.7%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
- http://packetstormsecurity.com/files/132432/WordPress-Nextend-Twitter-Connect-1.5.1-Cross-Site-Scripting.html
- http://seclists.org/fulldisclosure/2015/Jun/71
- http://www.securityfocus.com/bid/75395
- https://plugins.trac.wordpress.org/changeset/1178744/nextend-twitter-connect
- http://packetstormsecurity.com/files/132432/WordPress-Nextend-Twitter-Connect-1.5.1-Cross-Site-Scripting.html
- http://seclists.org/fulldisclosure/2015/Jun/71
- http://www.securityfocus.com/bid/75395
- https://plugins.trac.wordpress.org/changeset/1178744/nextend-twitter-connect
Products affected by CVE-2015-4557
-
cpe:2.3:a:nextendweb:nextend_twitter_connect:1.0
-
cpe:2.3:a:nextendweb:nextend_twitter_connect:1.1
-
cpe:2.3:a:nextendweb:nextend_twitter_connect:1.2.1
-
cpe:2.3:a:nextendweb:nextend_twitter_connect:1.4.10
-
cpe:2.3:a:nextendweb:nextend_twitter_connect:1.4.11
-
cpe:2.3:a:nextendweb:nextend_twitter_connect:1.4.13
-
cpe:2.3:a:nextendweb:nextend_twitter_connect:1.4.14
-
cpe:2.3:a:nextendweb:nextend_twitter_connect:1.4.15
-
cpe:2.3:a:nextendweb:nextend_twitter_connect:1.4.16
-
cpe:2.3:a:nextendweb:nextend_twitter_connect:1.4.17
-
cpe:2.3:a:nextendweb:nextend_twitter_connect:1.4.18
-
cpe:2.3:a:nextendweb:nextend_twitter_connect:1.4.21
-
cpe:2.3:a:nextendweb:nextend_twitter_connect:1.4.23
-
cpe:2.3:a:nextendweb:nextend_twitter_connect:1.4.24
-
cpe:2.3:a:nextendweb:nextend_twitter_connect:1.4.25
-
cpe:2.3:a:nextendweb:nextend_twitter_connect:1.4.26
-
cpe:2.3:a:nextendweb:nextend_twitter_connect:1.4.27
-
cpe:2.3:a:nextendweb:nextend_twitter_connect:1.4.31
-
cpe:2.3:a:nextendweb:nextend_twitter_connect:1.4.32
-
cpe:2.3:a:nextendweb:nextend_twitter_connect:1.4.35
-
cpe:2.3:a:nextendweb:nextend_twitter_connect:1.4.36
-
cpe:2.3:a:nextendweb:nextend_twitter_connect:1.4.37
-
cpe:2.3:a:nextendweb:nextend_twitter_connect:1.4.38
-
cpe:2.3:a:nextendweb:nextend_twitter_connect:1.4.39
-
cpe:2.3:a:nextendweb:nextend_twitter_connect:1.4.4
-
cpe:2.3:a:nextendweb:nextend_twitter_connect:1.4.40
-
cpe:2.3:a:nextendweb:nextend_twitter_connect:1.4.41
-
cpe:2.3:a:nextendweb:nextend_twitter_connect:1.4.42
-
cpe:2.3:a:nextendweb:nextend_twitter_connect:1.4.43
-
cpe:2.3:a:nextendweb:nextend_twitter_connect:1.4.47
-
cpe:2.3:a:nextendweb:nextend_twitter_connect:1.4.48
-
cpe:2.3:a:nextendweb:nextend_twitter_connect:1.4.49
-
cpe:2.3:a:nextendweb:nextend_twitter_connect:1.4.5
-
cpe:2.3:a:nextendweb:nextend_twitter_connect:1.4.52
-
cpe:2.3:a:nextendweb:nextend_twitter_connect:1.4.55
-
cpe:2.3:a:nextendweb:nextend_twitter_connect:1.4.56
-
cpe:2.3:a:nextendweb:nextend_twitter_connect:1.4.57
-
cpe:2.3:a:nextendweb:nextend_twitter_connect:1.4.58
-
cpe:2.3:a:nextendweb:nextend_twitter_connect:1.4.59
-
cpe:2.3:a:nextendweb:nextend_twitter_connect:1.4.61
-
cpe:2.3:a:nextendweb:nextend_twitter_connect:1.4.7
-
cpe:2.3:a:nextendweb:nextend_twitter_connect:1.4.8
-
cpe:2.3:a:nextendweb:nextend_twitter_connect:1.4.9
-
cpe:2.3:a:nextendweb:nextend_twitter_connect:1.5.0
-
cpe:2.3:a:nextendweb:nextend_twitter_connect:1.5.1