25 matches found
EUVD-2010-4744
Malware in sbrugna...
EUVD-2011-4721
Malware in sbrugna...
EUVD-2022-42794
Malicious code in bioql PyPI...
WordPress WPtouch plugin <= 4.3.60 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting XSS Vulnerability discovered by Nabil Irawan in WordPress Plugin WPtouch versions = 4.3.60...
CVE-2022-3416
The WPtouch WordPress plugin before 4.3.45 does not properly validate images to be uploaded, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to for example in multisite setup...
CVE-2022-3417
The WPtouch WordPress plugin before 4.3.45 unserialises the content of an imported settings file, which could lead to PHP object injections issues when an user import intentionally or not a malicious settings file and a suitable gadget chain is present on the blog...
CVE-2011-4803
SQL injection vulnerability in wptouch/ajax.php in the WPTouch plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter...
CVE-2010-4779
Cross-site scripting XSS vulnerability in lib/includes/auth.inc.php in the WPtouch plugin 1.9.19.4 and 1.9.20 for WordPress allows remote attackers to inject arbitrary web script or HTML via the wptouchsettings parameter to include/adsense-new.php. NOTE: some of these details are obtained from...
CVE-2022-3417 WPtouch < 4.3.45 - Admin+ PHP Object Injection
The WPtouch WordPress plugin before 4.3.45 unserialises the content of an imported settings file, which could lead to PHP object injections issues when an user import intentionally or not a malicious settings file and a suitable gadget chain is present on the blog...
CVE-2022-3416 WPtouch < 4.3.45 - Admin+ Arbitrary File Upload
The WPtouch WordPress plugin before 4.3.45 does not properly validate images to be uploaded, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to for example in multisite setup...
PT-2023-13349 · WordPress · Wptouch
Name of the Vulnerable Software and Affected Versions: WPtouch WordPress plugin versions prior to 4.3.45 Description: The issue allows high privilege users, such as admins, to upload arbitrary files on the server, even when they should not be allowed to, for example in a multisite setup. This is...
WordPress WPtouch plugin <= 4.3.42 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability discovered by WPScan in WordPress WPtouch plugin versions = 4.3.42. Solution Update the WordPress WPtouch plugin to the latest available version at least 4.3.44...
WordPress WPtouch Plugin <= 3.6.6 - Open Redirection
This plugin is prone to an unvalidated open redirection vulnerability. Solution Update the plugin...
WordPress WPtouch Plugin <= 3.x - Insecure Nonce Generation
Because of this vulnerability, a logged-in attacker can potentially take over the website by uploading a backdoor and then do anything he wants. Solution Update the plugin...
WordPress WPtouch Plugin <= 1.9.8 - SQL Injection
This plugin is prone to an SQL injection vulnerability in include/submit.php parameter. Solution Update the plugin...
Wordpress WPTouch Authenticated File Upload
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Wordpress WPTouch Authenticated File Upload', 'Description' = %q The Wordpress WPTouch plugin contains an auhtenticated file upload...
CVE-2011-4803
SQL injection vulnerability in wptouch/ajax.php in the WPTouch plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter...
Sql injection
SQL injection vulnerability in wptouch/ajax.php in the WPTouch plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter...
WordPress Plugin wptouch - SQL Injection
WordPress Plugin wptouch - SQL Injection Exploit Title: WordPress wptouch plugin SQL Injection Vulnerability Date: 2011-27-10 Author: longrifle0x software: Wordpress Tools: SQLMAP --------------- POST data --------------- http://www.site.com/wp-content/plugins/wptouch/ajax.php Exploit: id=-1; id=...
WordPress wptouch plugin SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: WordPress wptouch plugin SQL Injection Vulnerability Date: 2011-27-10 Author: longrifle0x software: Wordpress Tools: SQLMAP --------------- POST data --------------- http://www.site.com/wp-content/plugins/wptouch/ajax.php Exploi...