First published: Mon Jan 09 2023
The WPtouch WordPress plugin before 4.3.45 unserialises the content of an imported settings file, which could lead to PHP object injection issues when a user imports (intentionally or not) a malicious settings file and a suitable gadget chain is present on the blog.
Credit: contact@wpscan.com
Affected Software | Affected Version | How to fix |
---|---|---|
Bravenewcode Wptouch | <4.3.45 | |
The vulnerability ID for the WPtouch WordPress plugin vulnerability is CVE-2022-3417.
The severity of CVE-2022-3417 is high, with a CVSS score of 8.8.
The affected software for CVE-2022-3417 is the WPtouch WordPress plugin before version 4.3.45.
CVE-2022-3417 refers to a vulnerability in the WPtouch WordPress plugin before version 4.3.45 that unserializes the content of an imported settings file, which could result in PHP object injection issues if a malicious settings file and a suitable gadget chain are present on the blog.
To fix CVE-2022-3417, you should update the WPtouch WordPress plugin to version 4.3.45 or newer.
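
The root cause described above is passing an imported file to `unserialize()`. As an added example (not WPtouch's code or its actual patch), this is one way a PHP settings importer can decode such a file without instantiating any class named in it; the function names and sample settings keys are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical helper, not WPtouch code: parse an imported settings blob
// without ever instantiating a class named in the file.
function safe_import_settings(string $blob): array
{
    // allowed_classes => false (PHP 7.0+) turns every serialized object into
    // __PHP_Incomplete_Class, so no __wakeup()/__destruct() method can run.
    $data = @unserialize($blob, ['allowed_classes' => false]);

    if (!is_array($data)) {
        throw new InvalidArgumentException('settings file must decode to an array');
    }
    reject_objects($data);
    return $data;
}

// Walk the decoded structure and refuse anything that is not plain data.
function reject_objects(array $node, int $depth = 0): void
{
    if ($depth > 32) {
        throw new InvalidArgumentException('settings nested too deeply');
    }
    foreach ($node as $value) {
        // is_object() is false for __PHP_Incomplete_Class before PHP 7.2,
        // so test for that class explicitly as well.
        if ($value instanceof __PHP_Incomplete_Class || is_object($value)) {
            throw new InvalidArgumentException('serialized object in settings file');
        }
        if (is_array($value)) {
            reject_objects($value, $depth + 1);
        }
    }
}

// Constructed sample inputs: one plain settings array, one carrying an object.
$plain  = serialize(['theme' => 'example', 'menu' => ['show_icons' => true]]);
$object = 'a:1:{s:5:"theme";O:8:"stdClass":0:{}}';

var_dump(safe_import_settings($plain)['theme']);
try {
    safe_import_settings($object);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

Where the export format can be changed, `json_encode()`/`json_decode()` removes the object-instantiation path entirely.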