Disclosure: Insecure Nonce Generation in WPtouch


If you use the popular WPtouch plugin (5m+ downloads) on your WordPress website, you should update it immediately.

During a routine audit for our WAF, we discovered a very dangerous vulnerability that could potentially allow a logged-in user with no administrative privileges (such as a subscriber or an author) to upload PHP files to the target server. Someone with bad intentions could upload PHP backdoors or other malware and basically take over the site.

So to make a long story short, if you’re running WPtouch, then update immediately!

Read More Here or call us at 403-291-9811
