Vulnerabilities and security researches forwptouch wptouch

Jun 07, 2024

CVE, Research URL: CVE-2010-4779
Home page URL: Security reports for WPtouch – Make your WordPress Website Mobile-Friendly
Application: WPtouch – Make your WordPress Website Mobile-Friendly
Date: Apr 07, 2011
Research Description: Cross-site scripting (XSS) vulnerability in lib/includes/auth.inc.php in the WPtouch plugin 1.9.19.4 and 1.9.20 for WordPress allows remote attackers to inject arbitrary web script or HTML via the wptouch_settings parameter to include/adsense-new.php. NOTE: some of these details are obtained from third party information.
Affected versions: max 4.3.44.
Status: vulnerable

CVE, Research URL: CVE-2011-4803
Home page URL: Security reports for WPtouch – Make your WordPress Website Mobile-Friendly
Application: WPtouch – Make your WordPress Website Mobile-Friendly
Date: Dec 14, 2011
Research Description: SQL injection vulnerability in wptouch/ajax.php in the WPTouch plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.
Affected versions: max 1.9.8.1.
Status: vulnerable

CVE, Research URL: CVE-2022-3417
Home page URL: Security reports for WPtouch – Make your WordPress Website Mobile-Friendly
Application: WPtouch – Make your WordPress Website Mobile-Friendly
Date: Jan 10, 2023
Research Description: The WPtouch WordPress plugin before 4.3.45 unserialises the content of an imported settings file, which could lead to PHP object injections issues when an user import (intentionally or not) a malicious settings file and a suitable gadget chain is present on the blog.
Affected versions: max 4.3.45.
Status: vulnerable

CVE, Research URL: CVE-2022-3416
Home page URL: Security reports for WPtouch – Make your WordPress Website Mobile-Friendly
Application: WPtouch – Make your WordPress Website Mobile-Friendly
Date: Jan 10, 2023
Research Description: The WPtouch WordPress plugin before 4.3.45 does not properly validate images to be uploaded, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in multisite setup)
Affected versions: max 3.4.3.
Status: vulnerable

Jun 14, 2025

CVE, Research URL: CVE-2025-49318
Home page URL: Security reports for WPtouch – Make your WordPress Website Mobile-Friendly
Application: WPtouch – Make your WordPress Website Mobile-Friendly
Date: Jun 06, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPtouch WPtouch allows Stored XSS. This issue affects WPtouch: from n/a through 4.3.60.
Affected versions: max 4.3.61.
Status: vulnerable