Vulnerability Details CVE-2016-10986
The tweet-wheel plugin before 1.0.3.3 for WordPress has XSS via consumer_key, consumer_secret, access_token, and access_token_secret.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 46.8%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
- https://0x62626262.wordpress.com/2016/04/21/tweet-wheel-xss-vulnerability/
- https://wordpress.org/plugins/tweet-wheel/#developers
- https://wpvulndb.com/vulnerabilities/8464
- https://0x62626262.wordpress.com/2016/04/21/tweet-wheel-xss-vulnerability/
- https://wordpress.org/plugins/tweet-wheel/#developers
- https://wpvulndb.com/vulnerabilities/8464
Products affected by CVE-2016-10986
-
cpe:2.3:a:nerdcow:tweet_wheel:-
-
cpe:2.3:a:nerdcow:tweet_wheel:1.0
-
cpe:2.3:a:nerdcow:tweet_wheel:1.0.1
-
cpe:2.3:a:nerdcow:tweet_wheel:1.0.2
-
cpe:2.3:a:nerdcow:tweet_wheel:1.0.3
-
cpe:2.3:a:nerdcow:tweet_wheel:1.0.3.1
-
cpe:2.3:a:nerdcow:tweet_wheel:1.0.3.2