Description

WordPress Plugin WPtouch is prone to a backdoor vulnerability. Attackers can exploit this issue to execute arbitrary commands in the context of the application. Successful attacks will compromise the affected application and possibly the webserver or computer.

Remediation

Install version 1.9.29 or latest

References

http://wordpress.org/news/2011/06/passwords-reset/

http://secunia.com/advisories/45005/

Related Vulnerabilities

WordPress Plugin YOP Poll Cross-Site Scripting (6.3.2)

Apache HTTP Server Other Vulnerability (CVE-1999-0107)

Serendipity Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3800)

MySQL CVE-2019-2755 Vulnerability (CVE-2019-2755)

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-7846)

Severity

High

Classification

CWE-95 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update