CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-10313
https://notcve.org/view.php?id=CVE-2019-10313
30 Apr 2019 — Jenkins Twitter Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. Jenkins Twitter Plugin almacena las credenciales sin cifrar en su archivo de configuración global en el maestro Jenkins, donde pueden ser vistas por los usuarios con acceso al sistema de archivos maestro. • http://www.openwall.com/lists/oss-security/2019/04/30/5 • CWE-522: Insufficiently Protected Credentials •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2014-125103 – BestWebSoft Twitter Plugin twitter.php twttr_settings_page cross site scripting
https://notcve.org/view.php?id=CVE-2014-125103
07 Aug 2014 — A vulnerability was found in BestWebSoft Twitter Plugin up to 1.3.2 on WordPress. It has been declared as problematic. Affected by this vulnerability is the function twttr_settings_page of the file twitter.php. The manipulation of the argument twttr_url_twitter/bws_license_key/bws_license_plugin leads to cross site scripting. The attack can be launched remotely. • https://github.com/wp-plugins/twitter-plugin/commit/e04d59ab578316ffeb204cf32dc71c0d0e1ff77c • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2012-10015 – BestWebSoft Twitter Plugin Settings Page twitter.php twttr_settings_page cross-site request forgery
https://notcve.org/view.php?id=CVE-2012-10015
24 Jul 2012 — A vulnerability was found in BestWebSoft Twitter Plugin up to 2.14 on WordPress. It has been classified as problematic. Affected is the function twttr_settings_page of the file twitter.php of the component Settings Page. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. • https://github.com/wp-plugins/twitter-plugin/commit/a6d4659cbb2cbf18ccb0fb43549d5113d74e0146 • CWE-352: Cross-Site Request Forgery (CSRF) •