Description

WordPress Plugin WPtouch is prone to a backdoor vulnerability. Attackers can exploit this issue to execute arbitrary commands in the context of the application. Successful attacks will compromise the affected application and possibly the webserver or computer.

Remediation

Install version 1.9.29 or latest

References

http://wordpress.org/news/2011/06/passwords-reset/

http://secunia.com/advisories/45005/

Related Vulnerabilities

WordPress Plugin Import all XML, CSV & TXT into WordPress Unspecified Vulnerability (3.7.2)

Microsoft SQL Server Other Vulnerability (CVE-2000-1085)

WordPress Plugin The Sorter SQL Injection (1.0)

PostgreSQL Other Vulnerability (CVE-2003-0901)

WordPress Plugin Theme My Login Local File Inclusion (6.3.9)

Severity

High

Classification

CWE-95 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update