83 matches found
WordPress WPtouch Mobile 3.4.5 Shell Upload
Wordpress WPtouch Mobile Plugin File Upload Vulnerability ================================= ==================== / / / / / / / / / / / / / : / / / / / / / / / / / / / / / | / / / / / / / / / / / / / // / // / / / / --X-- / / / / / / / / / / / / / / / / / / / / |////////// // / /// :...
WPtouch 1.9.19.4 - Cross-Site Scripting (XSS)
The WPtouch WordPress plugin was affected by a Cross-Site Scripting XSS security vulnerability...
WPtouch 1.9.27 - 'wptouch_redirect' Parameter URI Redirection
The WPtouch WordPress plugin was affected by a 'wptouchredirect' Parameter URI Redirection security vulnerability...
WPtouch 1.9.8 - ajax/file_upload.php Crafted Content-Type File Upload Remote Code Execution
The WPtouch WordPress plugin was affected by an ajax/fileupload.php Crafted Content-Type File Upload Remote Code Execution security vulnerability...
WPtouch 3.x - Insecure Nonce Generation
The WPtouch WordPress plugin was affected by an Insecure Nonce Generation security vulnerability...
WPtouch 1.9.8 - include/submit.php Multiple Parameter SQL Injection
The WPtouch WordPress plugin was affected by an include/submit.php Multiple Parameter SQL Injection security vulnerability...
WordPress WPtouch Plugin <= 1.9.8 - Remote Code Executio
This plugin is prone to a remote code execution in ajax/fileupload.php. Solution Update the plugin...
WordPress WPtouch Plugin <= 1.9.8 - SQL Injection
This plugin is prone to an SQL injection vulnerability in include/submit.php parameter. Solution Update the plugin...
WordPress WPtouch Plugin <= 3.x - Insecure Nonce Generation
Because of this vulnerability, a logged-in attacker can potentially take over the website by uploading a backdoor and then do anything he wants. Solution Update the plugin...
Wordpress WPTouch Authenticated File Upload Exploit
The Wordpress WPTouch plugin contains an auhtenticated file upload vulnerability. A wp-nonce CSRF token is created on the backend index page and the same token is used on handling ajax file uploads through the plugin. By sending the captured nonce with the upload, we can upload arbitrary files to...
Vulnerability in WPTouch WordPress Plugin Allows Hackers to Upload PHP backdoors
If you own a mobile version for your Wordpress website using the popular WPtouch plugin, then you may expose to a critical vulnerability that could potentially allow any non-administrative logged-in user to upload malicious PHP files or backdoors to the target server without any admin privileges...
Wordpress WPTouch Authenticated File Upload
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Wordpress WPTouch Authenticated File Upload', 'Description' = %q The Wordpress WPTouch plugin contains an auhtenticated file upload...
WordPress WPTouch Authenticated File Upload
The WordPress WPTouch plugin contains an authenticated file upload vulnerability. A wp-nonce CSRF token is created on the backend index page and the same token is used on handling ajax file uploads through the plugin. By sending the captured nonce with the upload, we can upload arbitrary files to...
WPtouch WordPress Plugin 1.9.27 URL redirection
No description provided by source. Hello , that's a 0day on the must downloaded WordPress plugin. Exploit Title: 0-Day WPtouch WordPress Plugin 1.9.27 URL redirection Google Dork: intext:Powered by Wordpress + WPtouch with iphone/android User-Agent Author: MaKyOtOx special Pwet to ansx & Zizounet...
XSS and FPD vulnerabilities in WPtouch and WPtouch Pro for WordPress
Hello 3APA3A! I want to inform you about vulnerabilities in WPtouch and WPtouch Pro plugins for WordPress. These are Cross-Site Scripting and Full path disclosure vulnerabilities. These XSS holes are in ZeroClipboard.swf, which is used in the plugin. In February I wrote about Cross-Site Scripting...
WordPress WPtouch Plugin Path Disclosure Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wordpress:wordpress"; ifdescription...
WPtouch / WPtouch Pro XSS / Path Disclosure Vulnerabilities
WPtouch and WPtouch Pro suffer from cross site scripting and path disclosure vulnerabilities. I want to inform you about vulnerabilities in WPtouch and WPtouch Pro plugins for WordPress. These are Cross-Site Scripting and Full path disclosure vulnerabilities. These XSS holes are in...
WPtouch / WPtouch Pro XSS / Path Disclosure
Hello list! I want to inform you about vulnerabilities in WPtouch and WPtouch Pro plugins for WordPress. These are Cross-Site Scripting and Full path disclosure vulnerabilities. These XSS holes are in ZeroClipboard.swf, which is used in the plugin. In February I wrote about Cross-Site Scripting...
CVE-2011-4803
SQL injection vulnerability in wptouch/ajax.php in the WPTouch plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter...
Sql injection
SQL injection vulnerability in wptouch/ajax.php in the WPTouch plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter...