
Cloud Vulnerability DB
A community-led vulnerabilities database
The Design Chemical Social Network Tabs plugin 1.7.1 for WordPress contains a security vulnerability that exposes Twitter API credentials. The vulnerability allows remote attackers to discover Twitter access_token, access_token_secret, consumer_key, and consumer_secret values by reading the dcwp_twitter.php source code (WPScan).
The vulnerability exists in the WordPress plugin called Social Network Tabs version 1.7.1, created by Design Chemical. The issue stems from the exposure of Twitter API credentials (access_token, access_token_secret, consumer_key, and consumer_secret) in the dcwp_twitter.php source code. The vulnerability has been assigned CVE-2018-20555 and received a CVSS score of 7.5, indicating high severity (CISA).
When exploited, this vulnerability leads to Twitter account takeover. The exposed Twitter API credentials allow attackers to gain unauthorized access to and control of the associated Twitter account (WPScan, CISA).
At the time of disclosure, there was no known fix available for this vulnerability (WPScan).
The vulnerability was covered by TechCrunch, highlighting the serious nature of the security issue in WordPress plugins (WPScan).
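An added example, not code from the plugin or from the sources cited: a small audit script that flags string literals bound to the four credential names listed above, so a site owner can check plugin and theme PHP files for the same hardcoding pattern. The sample PHP, its placeholder values, and the three assignment forms matched are assumptions for illustration, not the contents of dcwp_twitter.php.

```python
import re
import sys
from pathlib import Path

# Matches a string literal bound to one of the four names the advisory lists:
#   $consumer_key = '...';   'consumer_secret' => "...";   define('ACCESS_TOKEN', '...');
# These three forms are assumptions, not the contents of dcwp_twitter.php.
_PATTERN = re.compile(
    r"""
    (?P<name>access_token_secret|access_token|consumer_secret|consumer_key)
    ['"\]\s]*                            # closing quote/bracket after the name
    (?:=>|=|,)\s*                        # array arrow, assignment, define() comma
    (?P<q>['"])(?P<value>[^'"]+)(?P=q)   # non-empty string literal
    """,
    re.IGNORECASE | re.VERBOSE,
)

# Constructed sample input; the values are placeholders, not real credentials.
SAMPLE_PHP = """<?php
$consumer_key = 'EXAMPLEKEY0000';
$settings = array('consumer_secret' => "EXAMPLESECRET0000");
$access_token = get_option('dcwp_access_token');
define('ACCESS_TOKEN_SECRET', 'EXAMPLETOKSEC0000');
"""

def find_hardcoded_twitter_secrets(php_source):
    """Return (line_number, name, redacted_value) for each literal credential."""
    findings = []
    for lineno, line in enumerate(php_source.splitlines(), start=1):
        for m in _PATTERN.finditer(line):
            # Redact so the audit report does not itself leak the secret.
            redacted = m.group("value")[:4] + "***"
            findings.append((lineno, m.group("name").lower(), redacted))
    return findings

def scan_tree(root):
    """Scan every .php file under root; return {path: findings} for files with hits."""
    report = {}
    for path in Path(root).rglob("*.php"):
        hits = find_hardcoded_twitter_secrets(path.read_text(errors="replace"))
        if hits:
            report[str(path)] = hits
    return report

if __name__ == "__main__":
    # With a directory argument, scan it; otherwise run on the constructed sample.
    result = scan_tree(sys.argv[1]) if len(sys.argv) > 1 else find_hardcoded_twitter_secrets(SAMPLE_PHP)
    print(result)
```

Any credential this reports in a file the web server can return as source should be treated as exposed and rotated at the provider.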
Source: This report was generated using AI