Insecure Nonce Generation in WPtouch
If you use the popular WPtouch plugin (5m+ downloads) on your WordPress site, you should update it immediately.
The vulnerability was discovered yesterday, and it is a very dangerous one: it could allow a logged-in user with no administrative privileges (such as a subscriber or an author) to upload PHP files to the target server. Someone with bad intentions could upload PHP backdoors or other malware and basically take over the site.
If you’re running WPtouch, then please update immediately!
This only applies to 3.x versions of WPtouch. Admins using 2.x and 1.x versions of the plugin are not affected by this vulnerability.