Twitter Account Takeover Vulnerability in Design Chemical Social Network Tabs Plugin for WordPress

Twitter Account Takeover Vulnerability in Design Chemical Social Network Tabs Plugin for WordPress

CVE-2018-20555 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

The Design Chemical Social Network Tabs plugin 1.7.1 for WordPress allows remote attackers to discover Twitter access_token, access_token_secret, consumer_key, and consumer_secret values by reading the dcwp_twitter.php source code. This leads to Twitter account takeover.

Learn more about our Wordpress Pen Testing.