Critical Security Update For WPTouch, Users Should Update Immediately

First reported by Sucuri, the WPTouch plugin has a dangerous security vulnerability and users are encouraged to update immediately. WPTouch is used to quickly add mobile support to websites and has over 5 million downloads making it one of the most popular plugins in the WordPress plugin directory.

WPTouch Plugin Header

According to Sucuri, WPTouch incorrectly uses the “admin_init” hook, which can allow users without the correct capabilities to upload malicious files to the server. MailPoet, another popular plugin, recently suffered from the same type of security issue. Taking advantage of the bug is a simple two-step process.

All an attacker had to do in order to compromise a vulnerable website was to:

  1. Log in and get his nonce via wp-admin
  2. Send an AJAX file upload request containing the leaked nonce and his backdoor

So long story short – don’t only use nonces to protect sensitive methods, always add functions such as “current_user_can()” or the likes to confirm a user’s right to do something.
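To make Sucuri's point concrete, here is an added illustration (not code from WPTouch, Sucuri, or WPTavern) of the weak pattern beside the hardened one. The action names, option names, and helper function names are assumed for the example; the WordPress API calls (check_admin_referer, check_ajax_referer, current_user_can, wp_handle_upload) are real.

```php
<?php
/*
 * Added example, not code from the WPTouch plugin. Hook/action names and
 * helper names (example_*) are assumed for illustration.
 */

// WEAK PATTERN: admin_init fires on every request to /wp-admin/ (including
// admin-ajax.php) for any logged-in user, and a nonce only proves that the
// request came from a page that printed it. It does not prove the user is
// allowed to upload, so a low-privilege account that can read its own nonce
// passes this check.
add_action( 'admin_init', 'example_weak_upload_handler' );
function example_weak_upload_handler() {
    if ( ! isset( $_POST['example_upload'] ) ) {
        return;
    }
    check_admin_referer( 'example_upload_nonce' ); // CSRF check only, not authorization
    example_store_uploaded_file();
}

// HARDENED PATTERN: check the capability first, then the nonce, and register
// the handler on a dedicated AJAX action instead of admin_init.
add_action( 'wp_ajax_example_upload', 'example_safe_upload_handler' );
function example_safe_upload_handler() {
    // Authorization: who is allowed to do this at all?
    if ( ! current_user_can( 'upload_files' ) ) {
        wp_send_json_error( 'insufficient permissions', 403 );
    }
    // CSRF protection: did the request originate from our own page?
    check_ajax_referer( 'example_upload_nonce', 'security' );
    example_store_uploaded_file();
    wp_send_json_success();
}

// Shared upload helper; wp_handle_upload() applies WordPress' own
// extension/MIME filtering before the file is written.
function example_store_uploaded_file() {
    if ( empty( $_FILES['example_file'] ) ) {
        return;
    }
    require_once ABSPATH . 'wp-admin/includes/file.php';
    $result = wp_handle_upload( $_FILES['example_file'], array( 'test_form' => false ) );
    if ( isset( $result['error'] ) ) {
        error_log( 'example upload rejected: ' . $result['error'] );
    }
}
```

The important ordering is capability check first, nonce second: the nonce answers "did this request come from my own page?", while current_user_can() answers "is this user permitted to do this?". Only the second question stops a registered low-privilege account, which is exactly the case described above.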

The vulnerability only affects sites that have registration enabled but you should update regardless. Users should already see an upgrade notification in the dashboard.

Who is Jeff Chandler


Jeff Chandler is a WordPress guy in the Buckeye State. Contributing writer for WPTavern. Has been writing about WordPress since 2007. Host of the WordPress Weekly Podcast.
