Vulnerabilities > Bravenewcode

DATE	CVE	VULNERABILITY TITLE	RISK
2023-01-09	CVE-2022-3416	Unspecified vulnerability in Bravenewcode Wptouch The WPtouch WordPress plugin before 4.3.45 does not properly validate images to be uploaded, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in multisite setup) network low complexity bravenewcode	7.2
2023-01-09	CVE-2022-3417	Unspecified vulnerability in Bravenewcode Wptouch The WPtouch WordPress plugin before 4.3.45 unserialises the content of an imported settings file, which could lead to PHP object injections issues when an user import (intentionally or not) a malicious settings file and a suitable gadget chain is present on the blog. network low complexity bravenewcode	8.8
2011-12-14	CVE-2011-4803	SQL Injection vulnerability in Bravenewcode Wptouch SQL injection vulnerability in wptouch/ajax.php in the WPTouch plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter. network low complexity bravenewcode wordpress CWE-89	7.5
2011-04-07	CVE-2010-4779	Cross-Site Scripting vulnerability in Bravenewcode Wptouch 1.9.19.4/1.9.20 Cross-site scripting (XSS) vulnerability in lib/includes/auth.inc.php in the WPtouch plugin 1.9.19.4 and 1.9.20 for WordPress allows remote attackers to inject arbitrary web script or HTML via the wptouch_settings parameter to include/adsense-new.php. network bravenewcode wordpress CWE-79	4.3

Vulnerabilities > Bravenewcode {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Bravenewcode"}]}