A serious vulnerability in one of the most popular WordPress plugins – WPtouch was announced yesterday. The exploit allows registered users to upload malicious PHP files to your website and use them to gain further access to it.
The plugin that creates a mobile-friendly version of your website is widely used so our security team immediately took action to prevent our users from getting hacked through this exploit. We’ve acted in a manner that has been proven successful in the recent JetPack and TimThumb vulnerabilities – we used our application layer firewall to filter out all requests to our servers that try to utilize the exploit.
Although, our customers are shielded against this vulnerability at a server level, we strongly recommend that you update your WPtouch plugin to its latest version where the security issue is properly fixed by the plugin developers.