The Sucuri research team we cooperate with found a very serious vulnerability in the WPTouch Plugin for WordPress that allows an attacker to upload files remotely to websites running the plugin that have not updated to VERSION 3.4.3 (the version the WPTouch team just put out to patch the vulnerability).
In order to secure your website if you’re using the WPTouch Plugin (and over 5 million sites are), please make sure to update the plugin immediately.
You can learn more about today’s WPTouch disclosure here: Disclosure: Insecure Nonce Generation in WPTouch | Sucuri Blog
Also, you can find more information about Sucuri services we offer at this page.