[WordPress Security] Serious Security Hole in WP Super Cache and W3 Total Cache

A security hole that allows anyone to execute any command on your WordPress server has been discovered in the WP Super Cache and W3 Total Cache plugins.

WHAT TO DO: Upgrade to the newest version of both these plugins immediately. The security holes have been fixed by the developers.
The impact of these security holes can’t be overstated. They allow anyone to bypass all security and gain complete access to your WordPress site.
The exploit was posted by a user on the WordPress forums. The plugin authors have now updated their code to fix this issue.

The security hole allows an attacker to post PHP code embedded in comments and that code will be executed by your server. This effectively gives them unlimited access to all parts of your site and database.
There have been roughly 6 million downloads of both plugins combined, so they are very popular and this hole is likely to have spawned large scale automated attacks that take advantage of it.

If you run either of these plugins, it’s likely that your system may already have been compromised. Please upgrade both plugins and then run a full Word fence scan to verify your system integrity (link below for word fence)

http://wordpress.org/extend/plugins/wordfence/

Looking for quality WordPress Web Hosting? Look no further than Arvixe Web Hosting!

Tags: , , , , , , , , | Posted under WordPress | RSS 2.0

Author Spotlight

TJ Marsh

TJ Marsh

My name is Tj Marsh. I spend about 16 hours a day on the internet. Running my company and helping out here at Arvixe. I live in the good ole Arizona where it gets ridiculously hot. I love WordPress and a lot of other open source software along with coding.

Leave a Reply

Your email address will not be published. Required fields are marked *


9 − 1 =

You may use these HTML tags and attributes: <a href="" title="" rel=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>