CVE: CVE-2023-5318
Vulnerability Type: CWE-798: Use of Hard-coded Credentials
Severity: Medium (5.8)
Affected Version: v1.3.4
Status: Fixed
Found by: morioka12 (@scgajge12)
Fixed by: Peter Ivanov (@peter-mw)

Description: Secret information used for API calls was embedded in the microweber source code.

PoC: The secret keys were hardcoded in:
- $soauth_access_token
- $soauth_access_token_secret
- $consumer_key
- $consumer_secret

Impact: The attacker gains access to the developer's Twitter account.

Occurrences: functions.php L14-L29

References:
- OWASP: Secrets Management Cheat Sheet
- Twitter API: Authentication Best Practices
- Twitter API: Authentication (Bearer Token)
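
A check for this class of defect, as an added example that is not microweber's code or the upstream fix: a Python scan that flags string literals assigned to the four variable names listed in the PoC. The sample PHP, its placeholder values, and the TWITTER_CONSUMER_KEY environment variable name are constructed for illustration.

```python
import re

# Variable names exactly as listed in the advisory's PoC section.
CREDENTIAL_VARS = (
    "soauth_access_token",
    "soauth_access_token_secret",
    "consumer_key",
    "consumer_secret",
)

# Matches `$name = "literal";` or `$name = 'literal';` with a non-empty literal.
_ASSIGN = re.compile(
    r"""\$(?P<name>\w+)\s*=\s*(?P<q>['"])(?:\\.|(?!(?P=q)).)+(?P=q)\s*;"""
)


def find_hardcoded_credentials(php_source, names=CREDENTIAL_VARS):
    """Return [(line_number, variable)] for credential variables set to a literal.

    The literal itself is never returned, so a scan report does not
    copy the secret into CI logs or tickets.
    """
    findings = []
    for lineno, line in enumerate(php_source.splitlines(), start=1):
        # Skip whole-line comments; commented-out code is not live config.
        if line.lstrip().startswith(("//", "#", "*", "/*")):
            continue
        for match in _ASSIGN.finditer(line):
            if match.group("name") in names:
                findings.append((lineno, match.group("name")))
    return findings


# Constructed sample input (placeholder values, not taken from the project).
SAMPLE_PHP = '''<?php
// constructed sample, placeholder values only
$soauth_access_token = "PLACEHOLDER-ACCESS-TOKEN";
$soauth_access_token_secret = 'PLACEHOLDER-ACCESS-SECRET';
$consumer_key = getenv('TWITTER_CONSUMER_KEY');
$consumer_secret = "";
$title = "Twitter feed";
'''

if __name__ == "__main__":
    for lineno, name in find_hardcoded_credentials(SAMPLE_PHP):
        print(f"line {lineno}: ${name} is assigned a hard-coded string literal")
```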