CVE-2010-4779

WPtouch <1.9.20 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in lib/includes/auth.inc.php in the WPtouch plugin 1.9.19.4 and 1.9.20 for WordPress allows remote attackers to inject arbitrary web script or HTML via the wptouch_settings parameter to include/adsense-new.php. NOTE: some of these details are obtained from third party information.

References (4)

[Exploit] http://osvdb.org/69538

[Vendor Advisory] http://secunia.com/advisories/42438

[Exploit] http://www.htbridge.ch/advisory/xss_in_wptouch_wordpress_plugin.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/45139

Scores

EPSS 0.0019

EPSS Percentile 41.0%

Classification

CWE

CWE-79

Status published

Affected Products (3)

bravenewcode/wptouch

n/a/n/a

Timeline

Published Apr 07, 2011

Tracked Since Feb 18, 2026