
CVSS: 7.2 | EPSS: 0% | CPEs: 1 | EXPL: 1

The WPtouch WordPress plugin before 4.3.45 does not properly validate images to be uploaded, allowing high-privilege users such as admin to upload arbitrary files to the server even when they should not be allowed to (for example in a multisite setup).

The WPtouch plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation when uploading images in versions up to, and including, 4.3.44. This makes it possible for authenticated attackers, with administrator-level permissions and above, to upload arbitrary files to the affected site's server, which may make remote code execution possible.

References: https://wpscan.com/vulnerability/f927dbe0-3939-4882-a469-1309ac737ee6
Weakness: CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

The WPtouch WordPress plugin before 4.3.45 unserialises the content of an imported settings file, which could lead to PHP object injection issues when a user imports (intentionally or not) a malicious settings file and a suitable gadget chain is present on the blog.

The WPtouch plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.3.44 via deserialization of untrusted input when importing settings. This allows administrator-level attackers to inject a PHP object. No POP chain is present in the vulnerable plugin.

References: https://wpscan.com/vulnerability/55772932-eebd-475b-b5df-e80fab288ee5
Weakness: CWE-502: Deserialization of Untrusted Data

CVSS: 7.5 | EPSS: 0% | CPEs: 54 | EXPL: 2

SQL injection vulnerability in wptouch/ajax.php in the WPTouch plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.

References: https://www.exploit-db.com/exploits/18039 ; http://www.exploit-db.com/exploits/18039
Weakness: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')