Description

Marc-Alexandre Montpas reported a security issue in the popular WordPress plugin WPtouch that could potentially allow a user with no administrative privileges, who was logged in (like a subscriber or an author), to upload PHP files to the target server.

Remediation

Upgrade to the latest version of WPtouch (this problem was fixed in version 3.4.3).

References

Disclosure: Insecure Nonce Generation in WPtouch

WPtouch Changelog

Related Vulnerabilities

HTML Attribute Injection

WordPress Plugin Social Login Lite For WooCommerce Security Bypass (1.6.0)

WordPress Plugin Registration Forms-User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction Multiple Vulnerabilities (2.0.15)

WordPress MailPoet Newsletters (wysija-newsletters) unauthenticated file upload

WordPress Plugin Lifeline Donation Security Bypass (1.2.6)

Severity

High

Classification

CWE-287 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Abuse Of Functionality Arbitrary File Creation Weak Crypto