Description

WordPress Plugin WPtouch is prone to an open redirect vulnerability because the application fails to properly sanitize user-supplied input. Exploiting this issue may allow attackers to redirect users to arbitrary web sites and conduct phishing attacks; other attacks are also possible. WordPress Plugin WPtouch version 3.4.9 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 3.4.10 or latest

References

http://planetzuda.tumblr.com/post/124477388582/wptouch-349-open-redirect-vulnerability

https://wordpress.org/plugins/wptouch/changelog/

Related Vulnerabilities

WordPress Plugin Alpine PhotoTile for Instagram Cross-Site Scripting (1.2.7.4)

WordPress Plugin WooCommerce BuddyPress Integration Security Bypass (3.2.5)

WordPress Plugin WP Symposium 'get_profile_avatar.php' SQL Injection (0.64)

WordPress Plugin WP No External Links Cross-Site Scripting (3.5.18)

WordPress Plugin YaMaps for WordPress Cross-Site Scripting (0.6.25)

Severity

High

Classification

CWE-601 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N

Tags

Missing Update Url Redirection