Buggy WordPress plugin can steal Twitter credentials

A popular WordPress plugin called Social Media Tabs has been quietly exposing the Twitter credentials of users, allowing hackers to take control of blog Twitter accounts. The exploit, discovered by French security researcher Baptiste Robert, aka Elliot Alderson, appeared in 539 public WordPress blogs. From TechCrunch:

Using the obtained access tokens, Robert tested their permissions by directing those accounts to ‘favorite’ a tweet of his choosing over a hundred times. This confirmed that the exposed account keys had “read/write” access — effectively giving him, or a malicious hacker, complete control over the Twitter accounts.
