WPtouch < 4.3.45 - Admin+ Arbitrary File Upload
CVE-2022-3416

7.2HIGH

Key Information:

Vendor
Wordpress
Status
Vendor
CVE Published:
9 January 2023

Summary

The WPtouch plugin for WordPress, prior to version 4.3.45, is susceptible to an arbitrary file upload vulnerability due to improper validation of uploaded images. This issue enables high privilege users, such as administrators, to upload arbitrary files to the server, circumventing intended restrictions, particularly in multisite setups where such actions should be prohibited. This poses a significant security risk as it could potentially allow attackers to execute malicious files on vulnerable installations.

Affected Version(s)

WPtouch 0 < 4.3.45

References

CVSS V3.1

Score:
7.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Nguyen Duy Quoc Khanh
WPScan
.
🍪 This website uses cookies, like every other website on the internet 😕 By using our website, you consent to the use of cookies.