The online website scanning firm Sucuri has recently discovered a very dangerous vulnerability in the WPTouch Plugin for WordPress. This vulnerability allows attackers to upload files remotely to WordPress websites running this plugin with versions prior to 3.4.3. WPTouch Plugin has a record of over 5 million downloads. If your WordPress is running this plugin, please make sure to update the plugin immediately.
What Exactly is the Problem?
If your website has enabled the “Guest Registration Allowed” feature, a logged-in attacker can upload a backdoor (remote shell) inside your website’s directories and potentially take over your website. You can read the details about this security bug by visiting the Sucuri blog article.
Once again, update the plugin ASAP. In fact, you should always keep your WordPress version and all plugins up-to-date in order to keep your sites secured.