Showing results for 
Search instead for 
Did you mean: 

Security Vulnerability Found in Popular WPtouch WordPress Plugin

Community Leader

Security Vulnerability Found in Popular WPtouch WordPress Plugin

By Eduard Kovacs on July 15, 2014


A recently discovered vulnerability in WPtouch, a popular plugin that's used to create simple themes for the mobile visitors of WordPress websites, can be leveraged by an attacker to upload PHP files to impacted servers, Sucuri reported on Monday.

According to the security firm, an attacker can take control of WordPress websites by uploading PHP backdoors and other pieces of malware to the site's directories.

The flaw, which is located in the "core/class­wptouch­pro.php" file, can only be exploited on websites that allow guest users to register, Sucuri researchers said. In this classwptouchpro.php file, the admin_initialize() method is called by the "admin_init" hook, the use of which recently led to a file upload vulnerability in a different popular WordPress plugin.



SecurityWeek/ Full Read Here/

Community Leader

Community Leader

Re: Security Vulnerability Found in Popular WPtouch WordPress Plugin

The following article is a update on WordPress

(Vulnerability in Premium WordPress Plugin Exploited in the Wild)

By Eduard Kovacs on September 04, 2014


A popular WordPress plugin that enables users to easily create responsive sliders is plagued by a security hole that has been actively exploited by cybercriminals, Sucuri reported on Wednesday.

Slider Revolution is a premium WordPress plugin created by ThemePunch that has been sold over 34,000 times on the snippets and scripts marketplace CodeCanyon. The plugin is also wrapped into several theme packages for WordPress.

A vulnerability was found in version 4.1.4 and older of the plugin, but the flaw was patched by the developer back in February with the release of Slider Revolution 4.2. The company listed a "security fix" in the changelog at the time, but it didn't provide any details because security firms allegedly advised it not to.

An exploit has been published on hacker forums and is being actively used to compromise websites. On Wednesday alone, Sucuri identified 64 IP addresses attempting to trigger the vulnerability on over 1,000 websites. Data from the security firm shows that the attacks started on August 9 and peaked on August 19 with over 2,500 hits.

According to Sucuri, the zero-day was disclosed via underground forums, so the developer should have actively alerted its customers of the threat, instead of taking the silent patch approach.


SecurityWeek/ full article here/ 

Community Leader