Cross-Site Scripting Vulnerability in WPtouch Plugin for WordPress
CVE-2010-4779

Currently unrated

Key Information:

Vendor: Wordpress
Status: WPtouch
Vendor: CVE Published:; 7 April 2011

Summary

The WPtouch plugin for WordPress has a vulnerability located in lib/includes/auth.inc.php, which exposes versions 1.9.19.4 and 1.9.20 to an XSS attack. This flaw allows remote attackers to inject arbitrary web scripts or HTML via the wptouch_settings parameter, specifically targeting include/adsense-new.php. Successful exploitation may allow attackers to conduct phishing attacks, steal sensitive user data, or manipulate site content.

References

http://osvdb.org/69538

vdb-entryx_refsource_OSVDB

http://secunia.com/advisories/42438

third-party-advisoryx_refsource_SECUNIA

http://www.securityfocus.com/bid/45139

vdb-entryx_refsource_BID

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Apr 7, 2011