First published: Mon Jan 09 2023
The WPtouch WordPress plugin before 4.3.45 does not properly validate images to be uploaded, allowing high-privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example, in a multisite setup).
Credit: contact@wpscan.com
Affected Software | Affected Version | How to fix |
---|---|---|
Bravenewcode Wptouch | <4.3.45 | |
The vulnerability ID for this issue is CVE-2022-3416.
The severity of CVE-2022-3416 is high with a severity value of 7.2.
The affected software is the WPtouch WordPress plugin before version 4.3.45.
The vulnerability can be exploited by high-privilege users, such as admin, to upload arbitrary files on the server.
The fix for CVE-2022-3416 is to update the WPtouch plugin to version 4.3.45 or later.