EPSS
Percentile
62.1%
The tweet_info function in class/__functions.php does not use an HTTPS session for downloading serialized data. In that way an attacker can execute arbitrary PHP code by modifying the client-server data stream.
Update the plugin.
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6828