We just wanted to post quickly and let everyone know that a supposed SQL injection vulnerability was recently reported in WPtouch (the free version). This report is false.
The vulnerability declared at packetstormsecurity.org and other security alert-type sites is impossible.
There is no ajax.php file in the root of WPtouch, so this vulnerability is flat-out impossible.
We take WordPress security seriously at BraveNewCode, having previously issued updates for security exploits in our plugins that we’ve found before they’re in the wild.
We know WPtouch is a popular plugin and one that can be targeted because of its popularity and wide install base. We work hard to ensure the safety of our plugins on your WordPress installations.
One Comment
Artem
Thanks for quickly dispelling the myth, Dale. These fake reports are getting annoying – just a month ago a similar report that doesn’t even make sense, in the same weird format, surfaced for another popular plugin called wp-spam-free http://www.exploit-db.com/exploits/17970/. Needless to say, I wasted 2 hours trying to figure out wtf is going on just to discover that it’s a bunch of bs. Argh.