Vulnerabilities related to bravenewcode - wptouch
CVE-2011-4803 (GCVE-0-2011-4803)
Vulnerability from cvelistv5
Published
2011-12-14 00:00
Modified
2024-09-16 23:10
CWE
- n/a
Summary
SQL injection vulnerability in wptouch/ajax.php in the WPTouch plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.
References
| URL | Tags |
|---|---|
| http://www.exploit-db.com/exploits/18039 | exploit, x_refsource_EXPLOIT-DB |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T00:16:34.987Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "18039", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "http://www.exploit-db.com/exploits/18039" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in wptouch/ajax.php in the WPTouch plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2011-12-14T00:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "18039", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "http://www.exploit-db.com/exploits/18039" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-4803", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in wptouch/ajax.php in the WPTouch plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "18039", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/18039" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-4803", "datePublished": "2011-12-14T00:00:00Z", "dateReserved": "2011-12-13T00:00:00Z", "dateUpdated": "2024-09-16T23:10:22.568Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-3416 (GCVE-0-2022-3416)
Vulnerability from cvelistv5
Published
2023-01-09 22:13
Modified
2025-04-09 19:14
Summary
The WPtouch WordPress plugin before 4.3.45 does not properly validate images to be uploaded, allowing high-privilege users such as admin to upload arbitrary files to the server even when they should not be allowed to (for example, in a multisite setup).
References
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/f927dbe0-3939-4882-a469-1309ac737ee6 | exploit, vdb-entry, technical-description |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:07:06.515Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "exploit", "vdb-entry", "technical-description", "x_transferred" ], "url": "https://wpscan.com/vulnerability/f927dbe0-3939-4882-a469-1309ac737ee6" } ], "title": "CVE Program Container" }, { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2022-3416", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-04-09T19:13:29.945913Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-09T19:14:07.353Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "product": "WPtouch", "vendor": "Unknown", "versions": [ { "lessThan": "4.3.45", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Nguyen Duy Quoc Khanh" }, { "lang": "en", "type": "coordinator", "value": "WPScan" } ], "descriptions": [ { "lang": "en", "value": "The WPtouch WordPress plugin before 4.3.45 does not properly validate images to be uploaded, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in multisite setup)" } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-434 Unrestricted Upload of 
File with Dangerous Type", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-10T09:07:36.845Z", "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan" }, "references": [ { "tags": [ "exploit", "vdb-entry", "technical-description" ], "url": "https://wpscan.com/vulnerability/f927dbe0-3939-4882-a469-1309ac737ee6" } ], "source": { "discovery": "EXTERNAL" }, "title": "WPtouch \u003c 4.3.45 - Admin+ Arbitrary File Upload", "x_generator": { "engine": "WPScan CVE Generator" } } }, "cveMetadata": { "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "assignerShortName": "WPScan", "cveId": "CVE-2022-3416", "datePublished": "2023-01-09T22:13:28.101Z", "dateReserved": "2022-10-07T05:51:13.006Z", "dateUpdated": "2025-04-09T19:14:07.353Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2010-4779 (GCVE-0-2010-4779)
Vulnerability from cvelistv5
Published
2011-04-07 14:00
Modified
2024-09-17 02:16
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in lib/includes/auth.inc.php in the WPtouch plugin 1.9.19.4 and 1.9.20 for WordPress allows remote attackers to inject arbitrary web script or HTML via the wptouch_settings parameter to include/adsense-new.php. NOTE: some of these details are obtained from third party information.
References
| URL | Tags |
|---|---|
| http://osvdb.org/69538 | vdb-entry, x_refsource_OSVDB |
| http://secunia.com/advisories/42438 | third-party-advisory, x_refsource_SECUNIA |
| http://www.securityfocus.com/bid/45139 | vdb-entry, x_refsource_BID |
| http://www.htbridge.ch/advisory/xss_in_wptouch_wordpress_plugin.html | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T03:55:35.123Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "69538", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/69538" }, { "name": "42438", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/42438" }, { "name": "45139", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/45139" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.htbridge.ch/advisory/xss_in_wptouch_wordpress_plugin.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in lib/includes/auth.inc.php in the WPtouch plugin 1.9.19.4 and 1.9.20 for WordPress allows remote attackers to inject arbitrary web script or HTML via the wptouch_settings parameter to include/adsense-new.php. NOTE: some of these details are obtained from third party information." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2011-04-07T14:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "69538", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/69538" }, { "name": "42438", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/42438" }, { "name": "45139", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/45139" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.htbridge.ch/advisory/xss_in_wptouch_wordpress_plugin.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-4779", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in lib/includes/auth.inc.php in the WPtouch plugin 1.9.19.4 and 1.9.20 for WordPress allows remote attackers to inject arbitrary web script or HTML via the wptouch_settings parameter to include/adsense-new.php. NOTE: some of these details are obtained from third party information." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "69538", "refsource": "OSVDB", "url": "http://osvdb.org/69538" }, { "name": "42438", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/42438" }, { "name": "45139", "refsource": "BID", "url": "http://www.securityfocus.com/bid/45139" }, { "name": "http://www.htbridge.ch/advisory/xss_in_wptouch_wordpress_plugin.html", "refsource": "MISC", "url": "http://www.htbridge.ch/advisory/xss_in_wptouch_wordpress_plugin.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-4779", "datePublished": "2011-04-07T14:00:00Z", "dateReserved": "2011-04-07T00:00:00Z", "dateUpdated": "2024-09-17T02:16:30.498Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-3417 (GCVE-0-2022-3417)
Vulnerability from cvelistv5
Published
2023-01-09 22:13
Modified
2025-04-09 19:09
Summary
The WPtouch WordPress plugin before 4.3.45 unserialises the content of an imported settings file, which could lead to PHP object injection issues when a user imports (intentionally or not) a malicious settings file and a suitable gadget chain is present on the blog.
References
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/55772932-eebd-475b-b5df-e80fab288ee5 | exploit, vdb-entry, technical-description |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:07:06.583Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "exploit", "vdb-entry", "technical-description", "x_transferred" ], "url": "https://wpscan.com/vulnerability/55772932-eebd-475b-b5df-e80fab288ee5" } ], "title": "CVE Program Container" }, { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2022-3417", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-04-09T19:08:03.544976Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-09T19:09:23.184Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "product": "WPtouch", "vendor": "Unknown", "versions": [ { "lessThan": "4.3.45", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Nguyen Duy Quoc Khanh" }, { "lang": "en", "type": "coordinator", "value": "WPScan" } ], "descriptions": [ { "lang": "en", "value": "The WPtouch WordPress plugin before 4.3.45 unserialises the content of an imported settings file, which could lead to PHP object injections issues when an user import (intentionally or not) a malicious settings file and a suitable gadget chain is present on the blog." 
} ], "problemTypes": [ { "descriptions": [ { "description": "CWE-502 Deserialization of Untrusted Data", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-10T09:07:41.900Z", "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan" }, "references": [ { "tags": [ "exploit", "vdb-entry", "technical-description" ], "url": "https://wpscan.com/vulnerability/55772932-eebd-475b-b5df-e80fab288ee5" } ], "source": { "discovery": "EXTERNAL" }, "title": "WPtouch \u003c 4.3.45 - Admin+ PHP Object Injection", "x_generator": { "engine": "WPScan CVE Generator" } } }, "cveMetadata": { "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "assignerShortName": "WPScan", "cveId": "CVE-2022-3417", "datePublished": "2023-01-09T22:13:31.413Z", "dateReserved": "2022-10-07T05:51:19.330Z", "dateUpdated": "2025-04-09T19:09:23.184Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Vulnerability from fkie_nvd
Published
2023-01-09 23:15
Modified
2025-04-09 20:15
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
The WPtouch WordPress plugin before 4.3.45 does not properly validate images to be uploaded, allowing high-privilege users such as admin to upload arbitrary files to the server even when they should not be allowed to (for example, in a multisite setup).
References
| Source | URL | Tags |
|---|---|---|
| contact@wpscan.com | https://wpscan.com/vulnerability/f927dbe0-3939-4882-a469-1309ac737ee6 | Exploit, Third Party Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://wpscan.com/vulnerability/f927dbe0-3939-4882-a469-1309ac737ee6 | Exploit, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
bravenewcode | wptouch | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:bravenewcode:wptouch:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "B8530780-85F1-4E83-93F9-AC906AC56129", "versionEndExcluding": "4.3.45", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The WPtouch WordPress plugin before 4.3.45 does not properly validate images to be uploaded, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in multisite setup)" }, { "lang": "es", "value": "El complemento WPtouch de WordPress anterior a 4.3.45 no valida correctamente las im\u00e1genes que se van a cargar, lo que permite a usuarios con privilegios elevados, como el administrador, cargar archivos arbitrarios en el servidor incluso cuando no se les deber\u00eda permitir (por ejemplo, en una configuraci\u00f3n multisitio)." } ], "id": "CVE-2022-3416", "lastModified": "2025-04-09T20:15:22.013", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": 
"Secondary" } ] }, "published": "2023-01-09T23:15:26.677", "references": [ { "source": "contact@wpscan.com", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://wpscan.com/vulnerability/f927dbe0-3939-4882-a469-1309ac737ee6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://wpscan.com/vulnerability/f927dbe0-3939-4882-a469-1309ac737ee6" } ], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Modified" }
Vulnerability from fkie_nvd
Published
2011-04-07 14:23
Modified
2025-04-11 00:51
Summary
Cross-site scripting (XSS) vulnerability in lib/includes/auth.inc.php in the WPtouch plugin 1.9.19.4 and 1.9.20 for WordPress allows remote attackers to inject arbitrary web script or HTML via the wptouch_settings parameter to include/adsense-new.php. NOTE: some of these details are obtained from third party information.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
bravenewcode | wptouch | 1.9.19.4 | |
bravenewcode | wptouch | 1.9.20 | |
wordpress | wordpress | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:bravenewcode:wptouch:1.9.19.4:*:*:*:*:*:*:*", "matchCriteriaId": "D4D879A2-131B-4331-8F32-6DBD542F89AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:bravenewcode:wptouch:1.9.20:*:*:*:*:*:*:*", "matchCriteriaId": "0748FB18-8E4B-4DED-9848-9CA6F1F4BBEF", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*", "matchCriteriaId": "847DA578-4655-477E-8A6F-99FBE738E4F9", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in lib/includes/auth.inc.php in the WPtouch plugin 1.9.19.4 and 1.9.20 for WordPress allows remote attackers to inject arbitrary web script or HTML via the wptouch_settings parameter to include/adsense-new.php. NOTE: some of these details are obtained from third party information." }, { "lang": "es", "value": "vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en lib/includes/auth.inc.php en el complemento WPtouch v1.9.19.4 y v1.9.20 para WordPress, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del par\u00e1metro de configuraci\u00f3n wptouch sobre include/adsense-new.php. NOTA: algunos de estos detalles se han obtenido de informaci\u00f3n de terceros." 
} ], "id": "CVE-2010-4779", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2011-04-07T14:23:52.950", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://osvdb.org/69538" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/42438" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.htbridge.ch/advisory/xss_in_wptouch_wordpress_plugin.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/45139" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://osvdb.org/69538" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/42438" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.htbridge.ch/advisory/xss_in_wptouch_wordpress_plugin.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/45139" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2011-12-14 00:55
Modified
2025-04-11 00:51
Summary
SQL injection vulnerability in wptouch/ajax.php in the WPTouch plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:bravenewcode:wptouch:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "5BFD0DB2-7A64-4698-8DA9-380769BBC25C", "vulnerable": true }, { "criteria": "cpe:2.3:a:bravenewcode:wptouch:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "95C6D2F2-FC4A-43EF-96B4-D84B6605471F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bravenewcode:wptouch:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "7AE81D83-0B96-4C02-B8FC-6E5231314E47", "vulnerable": true }, { "criteria": "cpe:2.3:a:bravenewcode:wptouch:1.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "F9722E64-6764-4F08-A412-1A7B4BA32A54", "vulnerable": true }, { "criteria": "cpe:2.3:a:bravenewcode:wptouch:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "5A85EF16-7366-453F-B700-1DCCF9AC5912", "vulnerable": true }, { "criteria": "cpe:2.3:a:bravenewcode:wptouch:1.5:*:*:*:*:*:*:*", "matchCriteriaId": "9B209A18-07CF-4622-8DB2-36DB7D8F23E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:bravenewcode:wptouch:1.6:*:*:*:*:*:*:*", "matchCriteriaId": "D19BA277-CD29-43C9-840C-52684D72B12B", "vulnerable": true }, { "criteria": "cpe:2.3:a:bravenewcode:wptouch:1.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "61441A0F-C06C-4E71-91A6-4F9791CE1961", "vulnerable": true }, { "criteria": "cpe:2.3:a:bravenewcode:wptouch:1.8.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "B68756EE-828A-429C-8445-02D3D2E8A02A", "vulnerable": true }, { "criteria": "cpe:2.3:a:bravenewcode:wptouch:1.8.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "319C88D4-0D4E-4B40-82F1-E28CE164B2AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:bravenewcode:wptouch:1.9:*:*:*:*:*:*:*", "matchCriteriaId": "DA2E855F-E94B-46B3-AFB2-05DBC029F297", "vulnerable": true }, { "criteria": "cpe:2.3:a:bravenewcode:wptouch:1.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "5490127F-7DB6-4565-B163-28FEC2564532", "vulnerable": true }, { "criteria": "cpe:2.3:a:bravenewcode:wptouch:1.9.5:*:*:*:*:*:*:*", "matchCriteriaId": "5D6384EA-0C4C-4157-B246-4E9ACDA7BC76", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bravenewcode:wptouch:1.9.6:*:*:*:*:*:*:*", "matchCriteriaId": "52850683-EB92-46DC-B955-3305D1E90C42", "vulnerable": true }, { "criteria": "cpe:2.3:a:bravenewcode:wptouch:1.9.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "FB08B929-AA93-473F-8383-657B47271C6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:bravenewcode:wptouch:1.9.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "D2D942FA-E789-4AF7-B795-741AF0265817", "vulnerable": true }, { "criteria": "cpe:2.3:a:bravenewcode:wptouch:1.9.8:*:*:*:*:*:*:*", "matchCriteriaId": "74C1017A-2E48-4215-BF3F-E847A6BE6FDE", "vulnerable": true }, { "criteria": "cpe:2.3:a:bravenewcode:wptouch:1.9.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "B0234C49-D383-40F3-8E5A-1666FABF0988", "vulnerable": true }, { "criteria": "cpe:2.3:a:bravenewcode:wptouch:1.9.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "AC2C350A-0C8D-46D0-9A2A-9BDEF8F8405E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bravenewcode:wptouch:1.9.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "A426DE5B-56F5-47B2-A47F-3B8F554D5943", "vulnerable": true }, { "criteria": "cpe:2.3:a:bravenewcode:wptouch:1.9.9:*:*:*:*:*:*:*", "matchCriteriaId": "E2F782D6-9F13-4842-87F6-A6A9BBEF1F15", "vulnerable": true }, { "criteria": "cpe:2.3:a:bravenewcode:wptouch:1.9.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "A128B18B-6110-426F-89B8-5A72B1FAEB29", "vulnerable": true }, { "criteria": "cpe:2.3:a:bravenewcode:wptouch:1.9.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "5AE5DD1A-9D1E-4923-A015-298B76EF4B36", "vulnerable": true }, { "criteria": "cpe:2.3:a:bravenewcode:wptouch:1.9.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "28A2BE4A-4427-4B62-AB5A-6D3CE95A55C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:bravenewcode:wptouch:1.9.9.4:*:*:*:*:*:*:*", "matchCriteriaId": "0AD2D3D8-6E10-43E8-A9CC-AC3AA782ED66", "vulnerable": true }, { "criteria": "cpe:2.3:a:bravenewcode:wptouch:1.9.9.5:*:*:*:*:*:*:*", "matchCriteriaId": "672E59AF-76C9-404A-9DB4-0E247A696454", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bravenewcode:wptouch:1.9.9.6:*:*:*:*:*:*:*", "matchCriteriaId": "C49BFDCF-E968-4233-87D6-320BE74C263C", "vulnerable": true }, { "criteria": "cpe:2.3:a:bravenewcode:wptouch:1.9.9.7:*:*:*:*:*:*:*", "matchCriteriaId": "886EF0E0-93AC-46EA-8149-11FC45E8DB46", "vulnerable": true }, { "criteria": "cpe:2.3:a:bravenewcode:wptouch:1.9.9.8:*:*:*:*:*:*:*", "matchCriteriaId": "DDEE1523-A5A9-4A7B-8FD1-919D2BF7C24F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bravenewcode:wptouch:1.9.10:*:*:*:*:*:*:*", "matchCriteriaId": "C37834DA-BD73-49AE-9CD2-276AB1003FDD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bravenewcode:wptouch:1.9.11:*:*:*:*:*:*:*", "matchCriteriaId": "6DB1911C-88E5-4006-879D-D886320E258D", "vulnerable": true }, { "criteria": "cpe:2.3:a:bravenewcode:wptouch:1.9.12:*:*:*:*:*:*:*", "matchCriteriaId": "ED2FDE64-7FC3-4B24-A1F9-6103381E84A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bravenewcode:wptouch:1.9.13:*:*:*:*:*:*:*", "matchCriteriaId": "61935681-AC3B-42F1-9306-4C6F88551590", "vulnerable": true }, { "criteria": "cpe:2.3:a:bravenewcode:wptouch:1.9.14:*:*:*:*:*:*:*", "matchCriteriaId": "B0E27227-37CA-4F31-8484-38CFC116BEEC", "vulnerable": true }, { "criteria": "cpe:2.3:a:bravenewcode:wptouch:1.9.15:*:*:*:*:*:*:*", "matchCriteriaId": "F4019E17-FF95-4B9A-A059-3025E6949217", "vulnerable": true }, { "criteria": "cpe:2.3:a:bravenewcode:wptouch:1.9.16:*:*:*:*:*:*:*", "matchCriteriaId": "FBDBC2E8-1F9C-487D-BC42-4D7FB1E490B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:bravenewcode:wptouch:1.9.17:*:*:*:*:*:*:*", "matchCriteriaId": "AE4EA9CD-91AC-456E-B193-896A50301392", "vulnerable": true }, { "criteria": "cpe:2.3:a:bravenewcode:wptouch:1.9.18:*:*:*:*:*:*:*", "matchCriteriaId": "98854719-8862-4320-AC83-7F6AF6438B69", "vulnerable": true }, { "criteria": "cpe:2.3:a:bravenewcode:wptouch:1.9.19:*:*:*:*:*:*:*", "matchCriteriaId": "FA0163E0-AACB-469D-9931-2D6FABCEA605", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bravenewcode:wptouch:1.9.19.1:*:*:*:*:*:*:*", "matchCriteriaId": "0CF755C9-05A7-46CA-90E5-8112DA01A746", "vulnerable": true }, { "criteria": "cpe:2.3:a:bravenewcode:wptouch:1.9.19.2:*:*:*:*:*:*:*", "matchCriteriaId": "28F207FD-F893-45AD-8B36-ACDA9B422A14", "vulnerable": true }, { "criteria": "cpe:2.3:a:bravenewcode:wptouch:1.9.19.3:*:*:*:*:*:*:*", "matchCriteriaId": "E24CEE7F-42B9-48BB-A721-2DB3C4B28C98", "vulnerable": true }, { "criteria": "cpe:2.3:a:bravenewcode:wptouch:1.9.19.4:*:*:*:*:*:*:*", "matchCriteriaId": "D4D879A2-131B-4331-8F32-6DBD542F89AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:bravenewcode:wptouch:1.9.19.5:*:*:*:*:*:*:*", "matchCriteriaId": "6FC6C5AD-6244-4697-AA82-97601B104B9B", "vulnerable": true }, { "criteria": "cpe:2.3:a:bravenewcode:wptouch:1.9.20:*:*:*:*:*:*:*", "matchCriteriaId": "0748FB18-8E4B-4DED-9848-9CA6F1F4BBEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:bravenewcode:wptouch:1.9.21:*:*:*:*:*:*:*", "matchCriteriaId": "E04ECB17-A65E-4DB2-9A3B-14CDEA997584", "vulnerable": true }, { "criteria": "cpe:2.3:a:bravenewcode:wptouch:1.9.21.1:*:*:*:*:*:*:*", "matchCriteriaId": "86F009F6-5722-41BE-B5BD-EDEBCE3A11F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:bravenewcode:wptouch:1.9.22:*:*:*:*:*:*:*", "matchCriteriaId": "D57EDD99-DB18-43D5-9C91-EAF4C2509A7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:bravenewcode:wptouch:1.9.22.1:*:*:*:*:*:*:*", "matchCriteriaId": "196734D5-651C-487F-98F4-1416BF9CA0E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:bravenewcode:wptouch:1.9.23:*:*:*:*:*:*:*", "matchCriteriaId": "DF44C087-DF67-4926-AAC1-C2A0DDC61027", "vulnerable": true }, { "criteria": "cpe:2.3:a:bravenewcode:wptouch:1.9.24:*:*:*:*:*:*:*", "matchCriteriaId": "484C3F5C-8CF4-4BB2-A329-6D5C34B51D42", "vulnerable": true }, { "criteria": "cpe:2.3:a:bravenewcode:wptouch:1.9.25:*:*:*:*:*:*:*", "matchCriteriaId": "AF74C5D0-DA54-4242-9116-21B802C3ACFA", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bravenewcode:wptouch:1.9.26:*:*:*:*:*:*:*", "matchCriteriaId": "06771888-4352-4F57-A5EE-32E51C94786E", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*", "matchCriteriaId": "847DA578-4655-477E-8A6F-99FBE738E4F9", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in wptouch/ajax.php in the WPTouch plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter." }, { "lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n SQL en wptouch/ajax.php en el complemento WPTouch para WordPress, permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s del par\u00e1metro id" } ], "id": "CVE-2011-4803", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2011-12-14T00:55:04.607", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.exploit-db.com/exploits/18039" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.exploit-db.com/exploits/18039" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-01-09 23:15
Modified
2025-04-09 20:15
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
The WPtouch WordPress plugin before 4.3.45 unserialises the content of an imported settings file, which could lead to PHP object injection issues when a user imports (intentionally or not) a malicious settings file and a suitable gadget chain is present on the blog.
References
| Source | URL | Tags |
|---|---|---|
| contact@wpscan.com | https://wpscan.com/vulnerability/55772932-eebd-475b-b5df-e80fab288ee5 | Exploit, Third Party Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://wpscan.com/vulnerability/55772932-eebd-475b-b5df-e80fab288ee5 | Exploit, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
bravenewcode | wptouch | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:bravenewcode:wptouch:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "B8530780-85F1-4E83-93F9-AC906AC56129", "versionEndExcluding": "4.3.45", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The WPtouch WordPress plugin before 4.3.45 unserialises the content of an imported settings file, which could lead to PHP object injections issues when an user import (intentionally or not) a malicious settings file and a suitable gadget chain is present on the blog." }, { "lang": "es", "value": "El complemento WPtouch de WordPress anterior a 4.3.45 deserializa el contenido de un archivo de configuraci\u00f3n importado, lo que podr\u00eda provocar problemas de inyecciones de objetos PHP cuando un usuario importa (intencionalmente o no) un archivo de configuraci\u00f3n malicioso y una cadena de gadgets adecuada est\u00e1 presente en el blog." } ], "id": "CVE-2022-3417", "lastModified": "2025-04-09T20:15:22.223", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": 
"134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }, "published": "2023-01-09T23:15:26.760", "references": [ { "source": "contact@wpscan.com", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://wpscan.com/vulnerability/55772932-eebd-475b-b5df-e80fab288ee5" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://wpscan.com/vulnerability/55772932-eebd-475b-b5df-e80fab288ee5" } ], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Modified" }