Description
Marc-Alexandre Montpas reported a security issue in the popular WordPress plugin WPtouch that could potentially allow a user with no administrative privileges, who was logged in (like a subscriber or an author), to upload PHP files to the target server.
Remediation
Upgrade to the latest version of WPtouch (this problem was fixed in version 3.4.3).
References
Related Vulnerabilities
MediaWiki Improper Authentication Vulnerability (CVE-2013-4304)
OpenSSL Improper Authentication Vulnerability (CVE-2009-1390)
WordPress Improper Authentication Vulnerability (CVE-2007-6013)
TYPO3 Improper Authentication Vulnerability (CVE-2011-4628)
PHP mail function ASCII control character header spoofing vulnerability