If you use the popular WPtouch plugin (5m+ downloads) on your WordPress website, you should update it immediately.
During a routine audit for our WAF, we discovered a very dangerous vulnerability that could potentially allow a user with no administrative privileges, who was logged in (like a subscriber or an author), to upload PHP files to the target server. Someone with bad intentions could upload PHP backdoors or other malware and basically take over the site.
More here: http://blog.sucuri.net/2014/07/disclosure-insecure-nonce-generation-in-wptouch.html