cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2022-3417,https://securityvulnerability.io/vulnerability/CVE-2022-3417,WPtouch < 4.3.45 - Admin+ PHP Object Injection,The WPtouch plugin for WordPress prior to version 4.3.45 contains a vulnerability that allows for PHP object injection through the unserialization of an imported settings file. If a user imports a malicious settings file—whether intentionally or accidentally—this could lead to severe security issues due to the exploitation of a suitable gadget chain present in the blog. It is crucial for users of the WPtouch plugin to ensure they are running an updated version to mitigate the risk of such attacks.,Wordpress,WPtouch,8.8,HIGH,0.002580000087618828,false,,false,false,false,,false,false,2023-01-09T22:13:31.413Z,0
CVE-2022-3416,https://securityvulnerability.io/vulnerability/CVE-2022-3416,WPtouch < 4.3.45 - Admin+ Arbitrary File Upload,"The WPtouch plugin for WordPress, prior to version 4.3.45, is susceptible to an arbitrary file upload vulnerability due to improper validation of uploaded images. This issue enables high privilege users, such as administrators, to upload arbitrary files to the server, circumventing intended restrictions, particularly in multisite setups where such actions should be prohibited. This poses a significant security risk as it could potentially allow attackers to execute malicious files on vulnerable installations.",Wordpress,WPtouch,7.2,HIGH,0.0011399999493733048,false,,false,false,false,,false,false,2023-01-09T22:13:28.101Z,0
CVE-2011-4803,https://securityvulnerability.io/vulnerability/CVE-2011-4803,,SQL injection vulnerability in wptouch/ajax.php in the WPTouch plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.,Wordpress,WPtouch,,,0.000750000006519258,false,,false,false,false,,false,false,2011-12-14T00:55:00.000Z,0
CVE-2010-4779,https://securityvulnerability.io/vulnerability/CVE-2010-4779,,Cross-site scripting (XSS) vulnerability in lib/includes/auth.inc.php in the WPtouch plugin 1.9.19.4 and 1.9.20 for WordPress allows remote attackers to inject arbitrary web script or HTML via the wptouch_settings parameter to include/adsense-new.php.  NOTE: some of these details are obtained from third party information.,Wordpress,WPtouch,,,0.0035000001080334187,false,,false,false,false,,false,false,2011-04-07T14:23:00.000Z,0