Description
Marc-Alexandre Montpas reported a security issue in the popular WordPress plugin WPtouch that could potentially allow a logged-in user without administrative privileges (such as a subscriber or an author) to upload PHP files to the target server.
Remediation
Upgrade to the latest version of WPtouch (this problem was fixed in version 3.4.3).
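To confirm whether an installation still needs the upgrade, the following added example (not part of the original advisory or of WPtouch itself) reads the plugin's version header and compares it numerically against 3.4.3. The plugin path wp-content/plugins/wptouch/wptouch.php and the sample header are assumptions.

```python
import re
import sys
from pathlib import Path

FIXED = (3, 4, 3)  # first fixed WPtouch release, per the advisory

# WordPress takes a plugin's version from the "Version:" line of the header
# comment in its main PHP file, reading only the first 8 KB of that file.
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:[ \t]*(\d+(?:\.\d+)*)", re.I | re.M)

# Constructed sample header, not copied from any WPtouch release.
SAMPLE = "<?php\n/*\n  Plugin Name: WPtouch Mobile Plugin\n  Version: 3.4.2\n*/\n"

def parse_version(text):
    """Return the header version as a tuple of ints, or None if absent."""
    m = VERSION_RE.search(text[:8192])
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def is_vulnerable(version):
    """True if version predates FIXED; an unreadable version counts as vulnerable."""
    if version is None:
        return True
    padded = version + (0,) * (len(FIXED) - len(version))  # 3.4 -> 3.4.0
    return padded < FIXED  # tuple compare, so 3.4.10 is newer than 3.4.3

def audit(wp_root):
    """Return (version, vulnerable) for one WordPress tree, or None if WPtouch is absent."""
    # Assumed layout: <wp_root>/wp-content/plugins/wptouch/wptouch.php
    main = Path(wp_root) / "wp-content" / "plugins" / "wptouch" / "wptouch.php"
    if not main.is_file():
        return None
    version = parse_version(main.read_text(errors="replace"))
    return version, is_vulnerable(version)

if __name__ == "__main__":
    if len(sys.argv) < 2:
        print("sample:", parse_version(SAMPLE), is_vulnerable(parse_version(SAMPLE)))
    for root in sys.argv[1:]:
        result = audit(root)
        if result is None:
            print(f"{root}: WPtouch not installed")
        else:
            version, vuln = result
            label = ".".join(map(str, version)) if version else "unknown"
            print(f"{root}: WPtouch {label} -> {'UPGRADE' if vuln else 'ok'}")
```

Pass one or more WordPress root directories as arguments; a header that cannot be parsed is reported as needing the upgrade so that it gets a manual look.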