A serious vulnerability in one of the most popular WordPress plugins – WPtouch was announced yesterday. The exploit allows registered users to upload malicious PHP files to your website and use them to gain further access to it.
The plugin that creates a mobile-friendly version of your website is widely used so our security team immediately took action to prevent our users from getting hacked through this exploit. We’ve acted in a manner that has been proven successful in the recent JetPack and TimThumb vulnerabilities – we used our application layer firewall to filter out all requests to our servers that try to utilize the exploit.
Although, our customers are shielded against this vulnerability at a server level, we strongly recommend that you update your WPtouch plugin to its latest version where the security issue is properly fixed by the plugin developers.
More Posts from the same Category - Security:
- The CryptoPHP Infection – A Story About Getting Paid Themes and Plugins for Free
- WP eCommerce Plugin Vulnerability Fixed
- Time to Say Goodbye to SSL Version 3.0