A vulnerability in WordPress iOS app leaked secret authorization tokens for private blogs using third-party sites. The vulnerability was discovered by WordPress engineers and was patched last month. Android devices and self-hosted WordPress websites are not affected by this issue. The company has reset the tokens and sent a warning message to all iOS users with private blogs with the app on their iOS devices to update their app immediately, Automattic confirmed. There’s been no sign of leaked access tokens being used to unauthorizedly access any affected account.
Source: https://thehackernews.com/2019/04/wordpress-ios-security.html