Security Update for WP to Twitter

September 12, 2014

Topics: WordPress.

On September 8th, the web site Vexatious Tendencies publicly disclosed a security flaw in the WP to Twitter “Tweet Now” functionality, introduced in version 2.9.0. The security flaw would allow unauthenticated users to post to the administrator’s Twitter account.

See “WordPress plugin vulnerability dump, part 2” for more details about the vulnerability.

This is a severe vulnerability, and you should update as soon as possible. If you are still running a version of WP to Twitter older than 2.9.0, you are not affected by this issue.

The issue was disclosed publicly without any private notification to me, so I was not aware of the issue until the team at WordFence (which is a fabulous security plug-in for WordPress, by the way) notified me of the issue this evening via Twitter. I apologize for my oversight that allowed this security vulnerability, and thank you WordFence for making me aware of this public disclosure.


2 Comments to “Security Update for WP to Twitter”

  1. Or, alternatively, update it.

  2. Oh dear, better disable this then!