If you use the popular WPtouch plugin (5m+ downloads) on your WordPress website, you should update it immediately.
During a routine audit for our WAF, we discovered a very dangerous vulnerability that could potentially allow a user with no administrative privileges, who was logged in (like a subscriber or an author), to upload PHP files to the target server. Someone with bad intentions could upload PHP backdoors or other malicious malware and basically take over the site.
So to make a long story short, if you’re running WPtouch, then update immediately!
Read More Here or call us at 403-291-9811