WordPress plugin WPtouch insecure nonce generation

Description
  • Marc-Alexandre Montpas reported a security issue in the popular WordPress plugin WPtouch that could potentially allow a user with no administrative privileges, who was logged in (like a subscriber or an author), to upload PHP files to the target server.
Remediation
  • Upgrade to the latest version of WPtouch (this problem was fixed in version 3.4.3).
References