Description

Marc-Alexandre Montpas reported a security issue in the popular WordPress plugin WPtouch that could potentially allow a user with no administrative privileges, who was logged in (like a subscriber or an author), to upload PHP files to the target server.

Remediation

Upgrade to the latest version of WPtouch (this problem was fixed in version 3.4.3).

References

Disclosure: Insecure Nonce Generation in WPtouch

WPtouch Changelog

Related Vulnerabilities

Ruby Improper Authentication Vulnerability (CVE-2008-3905)

Moodle Improper Authentication Vulnerability (CVE-2013-2245)

WordPress Plugin SiteGround Security Security Bypass (1.2.4)

MediaWiki Improper Authentication Vulnerability (CVE-2013-4304)

WordPress Plugin MainWP Child-Securely connects sites to the MainWP WordPress Manager Dashboard Security Bypass (3.4.4)

Severity

High

Classification

CWE-287 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Abuse Of Functionality Arbitrary File Creation Weak Crypto