What the vulnerability does
01Description
Cross-Site Request Forgery (CSRF) vulnerability in titopandub Evergreen Post Tweeter evergreen-post-tweeter allows Stored XSS.This issue affects Evergreen Post Tweeter: from n/a through <= 1.8.9.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
What the vulnerability does
Cross-Site Request Forgery (CSRF) vulnerability in titopandub Evergreen Post Tweeter evergreen-post-tweeter allows Stored XSS.This issue affects Evergreen Post Tweeter: from n/a through <= 1.8.9.
Explanation of Vulnerability in Simple Terms
Evergreen Post Tweeter versions 1.8.9 and earlier are vulnerable to cross-site request forgery (CSRF). An attacker can craft a malicious webpage that, when visited by a logged-in site administrator, performs unwanted actions on the site without their knowledge. The vulnerability requires user interaction—the admin must visit the attacker's page while authenticated.
What an attacker can do
Perform actions on the site (change settings, modify posts, create accounts) on behalf of a logged-in administrator.
Potential impact on your site
An attacker can trick your admin into unknowingly changing plugin settings, modifying content, or altering site configuration.
Conditions required to exploit
Site administrator must be logged in and visit a malicious webpage controlled by the attacker.
Key dates
External resources