Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-3416

The WPtouch WordPress plugin before 4.3.45 does not properly validate images to be uploaded, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in multisite setup)

Published

2023-01-09T23:15:26.677

Last Modified

2025-04-09T20:15:22.013

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.2 (HIGH)

Weaknesses

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	bravenewcode	wptouch	< 4.3.45	Yes

References

https://wpscan.com/vulnerability/f927dbe0-3939-4882-a469-1309ac737ee6 Exploit, Third Party Advisory ([email protected])
https://wpscan.com/vulnerability/f927dbe0-3939-4882-a469-1309ac737ee6 Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)