Description
Marc-Alexandre Montpas reported a security issue in the popular WordPress plugin WPtouch that could potentially allow a logged-in user with no administrative privileges (such as a subscriber or an author) to upload PHP files to the target server.
Remediation
Upgrade to the latest version of WPtouch (this problem was fixed in version 3.4.3).