Once again, the Sucuri.net folks found a security vulnerability in another very popular WordPress plugin: WPtouch 3.x, that has over 5 million downloads.
If you are using WPtouch 3.x, you should stop reading this article and update the plugin from your WordPress administrative panel immediately.
WPtouch was very fast to respond and fix the issue, and they released version 3.4.3 with a patch for the problem. Note that versions 1.x and 2.x are not affected.
The Flaw
The vulnerability would allow an attacker to potentially take over a website by uploading a remote shell inside the website’s directories. This means that the ill-intentioned person could easily upload malicious code and malware into your site.
How do they do it? Through an insecure nonce generation (a nonce is a unique arbitrary number that can only be used once, a system used when you log into WordPress). If your website allows guest users to register, a new guest attacker would simply need to login and get his nonce via wp-admin , then send an AJAX file upload request with the leaked nonce and the malicious file.
Once more, if you are using WPtouch: update it now!
