Securi – WordPress Plugin Vulnerability –
WPTouch
This is a copy of an email I received. Pass the information along to anyone with a Word Press site that may be using this plugin.
|
|
 |
| Our research team found a very serious vulnerability in the WPTouch Plugin for WordPress that allows an attacker to upload files remotely to websites running the plugin that have not updated to VERSION 3.4.3 VERSION 3.4.3 (the version the WPTouch team just put out to patch the vulnerability).In order to secure your website if you’re using the WPTouch Plugin (and over 5 million sites are), make sure to update the plugin immediately. If your website scans show an infection, be sure to quickly open a malware removal ticket so that we can help.
This is just another example of our research team, @sucurilabs, actively searching for vulnerabilities that could affect your website security. If you’re worried about the ever-increasing rate of vulnerabilities in plugins, then try protecting your website behind our website firewall, CloudProxy, for free for a month and we’ll be able to proactively block these threats and protect your website from negative consequences. To take advantage of a free month of CloudProxy, just email us at info@sucuri.net.
Learn more about today’s WPTouch disclosure here: http://blog.sucuri.net/2014/07/disclosure-insecure-nonce-generation-in-wptouch.html
–The team at Sucuri |
|
|
|
Leave a Reply
You must be logged in to post a comment.