CVE-2010-4779

Name of the Vulnerable Software and Affected Versions WPtouch plugin versions 1.9.19.4 through 1.9.20

Description A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved via the wptouch settings parameter to the "include/adsense-new.php" endpoint.

Recommendations For WPtouch plugin versions 1.9.19.4 through 1.9.20, consider disabling access to the include/adsense-new.php endpoint until a fix is available. Avoid using the wptouch settings parameter in the affected endpoint to minimize the risk of exploitation.