A serious new vulnerability affects certain versions of two popular WordPress caching plugins, W3TC and WP Super Cache. It allows a remote attacker to execute PHP code on any server running either of the plugins.

More details on this vulnerability can be found here:

Both of the plugins have now been patched to disable the vulnerable functions by default, so it is vital that anyone using either of these plugins updates them to the latest versions right away.

Users running CloudFlare (which can be enabled via cPanel > CloudFlare) are already protected against this, as CloudFlare has applied a rule to their network which nullifies the threat, but this shouldn't be seen as an excuse not to upgrade!

Thursday, April 25, 2013
