W3TC and WP Super Cache Vulnerability Discovered, We've Automatically Patched
On April 24, 2013, the research firm Sucuri discovered a serious vulnerability in two popular WordPress caching plugins, W3 Total Cache and WP Super Cache. The flaw allows remote PHP code execution on servers running these plugins. CloudFlare has implemented protection against this vulnerability for all its users, including free accounts. However, it is recommended that users of the affected plugins upgrade immediately to secure versions (W3TC 0.9.2.9 and WP Super Cache 1.3.x) or disable them until upgraded. The attack exploits certain functions in these plugins, enabling arbitrary PHP commands to be executed on the server. This could lead to unauthorized access, database manipulation, or malware installation.
Company
Cloudflare
Date published
April 24, 2013
Author(s)
Matthew Prince
Word count
371
Language
English
Hacker News points
None found.