WordPress WPtouch Plugin 'wptouch_settings' Parameter Cross Site Scripting Vulnerability Network Vulnerability

Summary

This host is installed with WordPress WPtouch Plugin and is prone to cross-site scripting vulnerability.

Impact

Successful exploitation will allow attackers to execute arbitrary web script or HTML in a user's browser session in the context of an affected site. Impact Level: Application

Solution

Upgarde to 3.1.1 or later, For updates refer to http://wordpress.org/extend/plugins/wptouch

Insight

The flaw is due to input validation error in 'wptouch_settings' parameter to 'wp-content/plugins/wptouch/include/adsense-new.php', which is not properly sanitised before being returned to the user.

Affected

WordPress WPtouch Plugin 1.9.19.4 and 1.9.20, other versions may also be affected.

References

http://osvdb.org/69538
http://secunia.com/advisories/42438
http://www.htbridge.ch/advisory/xss_in_wptouch_wordpress_plugin.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-4779
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

AeroMail Cross Site Request Forgery, HTML Injection and Cross Site Scripting Vulnerabilities
Allaire JRun directory browsing vulnerability
Apache Rave User Information Disclosure Vulnerability
@Mail WebMail Email Body HTML Injection Vulnerability
Apache ActiveMQ Multiple Vulnerabilities

Take action and discover your vulnerabilities