Description

WordPress Plugin WPtouch is prone to a backdoor vulnerability. Attackers can exploit this issue to execute arbitrary commands in the context of the application. Successful attacks will compromise the affected application and possibly the webserver or computer.

Remediation

Install version 1.9.29 or latest

References

http://wordpress.org/news/2011/06/passwords-reset/

http://secunia.com/advisories/45005/

Related Vulnerabilities

PostgreSQL Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2010-1169)

WordPress Plugin Share Posts To Email Cross-Site Scripting (1.0.2)

WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2018-2628)

MySQL CVE-2018-3156 Vulnerability (CVE-2018-3156)

MediaWiki Other Vulnerability (CVE-2004-2152)

Severity

High

Classification

CWE-95 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update