CVE-2022-3416

Name of the Vulnerable Software and Affected Versions WPtouch WordPress plugin versions prior to 4.3.45

Description The issue allows high privilege users, such as admins, to upload arbitrary files on the server, even when they should not be allowed to, for example in a multisite setup. This is due to the plugin not properly validating images to be uploaded.

Recommendations For versions prior to 4.3.45, update to version 4.3.45 or later to resolve the issue. As a temporary workaround, consider restricting the upload capabilities of high privilege users to minimize the risk of exploitation.