4 matches found
CVE-2022-3416
The WPtouch WordPress plugin is affected: versions before 4.3.45 do not properly validate uploaded images, allowing high-privilege users (e.g., admins) to upload arbitrary files to the server (including in multisite setups). This is documented across multiple sources (Red Hat CVE entry, OpenVAS n...
CVE-2022-3417
The CVE-2022-3417 entry concerns the WPtouch WordPress plugin,
CVE-2010-4779
The CVE-2010-4779 entry concerns the WPtouch WordPress plugin, where an XSS flaw exists in lib/includes/auth.inc.php affecting WPtouch versions 1.9.19.4 and 1.9.20. The vulnerability allows remote attackers to inject arbitrary script or HTML via the wptouch_settings parameter to include/adsense-n...
CVE-2011-4803
Affected software: WordPress WPtouch plugin. Vulnerable component: wptouch/ajax.php; issue: SQL injection via the id parameter that allows remote execution of arbitrary SQL commands. Root cause: improper validation/escaping in the Ajax endpoint. Impact: potential data modification, query manipula...