The research firm Sucuri has recently announced a major vulnerability in the WP Super Cache and W3 Total Cache (W3TC) plug-ins. According to the team that detected the vulnerability, remote PHP code can be executed on the server of anyone who runs either of these, the most popular caching plug-ins for WordPress. Because it allows hackers to execute code on a server, this is an extremely serious issue.
The versions of the plug-ins which are vulnerable include:
- Version 0.9.2.8 and below of the W3 Total Cache. The higher versions are not vulnerable.
- Version 1.2 and below of the WP Super Cache. The higher versions are not vulnerable.
Numerous networks have applied a rule that helps protect against these specific vulnerabilities in both plugins. However, even with such protections in place, users running a vulnerable version should upgrade the plug-in immediately. It is also recommended that a vulnerable version of the plug-in be completely disabled until it has been upgraded.
Technicalities
The attacks take advantage of several functions of the plugins, such as dynamic cached content, mfunc and mclude. Hackers can execute PHP commands on a server simply by posting comments to a WordPress blog that runs a vulnerable version of WP Super Cache or W3 Total Cache. They can then gain access to the entire server, execute arbitrary database commands and even install malware remotely. To avoid such issues and keep their networks safe and secure, all users still running the older, vulnerable versions of WP Super Cache or W3 Total Cache should upgrade immediately.
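An added example, not code from Sucuri or from either plugin: a Python audit helper that flags the vulnerable versions listed above and finds the mfunc, mclude and dynamic-cached-content tags in stored comment bodies. The `<!--tag ...-->` form of the tags, the plugin slugs used as keys, purely numeric version strings and the `neutralise` escaping step are assumptions of this example, and the sample comments are constructed.

```python
import re

# Dynamic-content tags named above, in opening or closing form, any case/spacing.
DYNAMIC_TAG = re.compile(
    r"<!--\s*/?\s*(mfunc|mclude|dynamic-cached-content)\b", re.IGNORECASE
)

# Last vulnerable release per plugin, taken from the version list above.
# The keys are assumed to be the plugins' WordPress.org slugs.
LAST_VULNERABLE = {"w3-total-cache": (0, 9, 2, 8), "wp-super-cache": (1, 2)}

# Constructed sample comment bodies; PLACEHOLDER stands in for any tag content.
SAMPLE_COMMENTS = [
    "Great post, thanks!",
    "hi <!--mfunc PLACEHOLDER --><!--/mfunc-->",
    "<!-- MCLUDE PLACEHOLDER --><!--/mclude-->",
    "<!-- an ordinary HTML comment -->",
]


def is_vulnerable(plugin, version):
    """True if `version` is at or below the last vulnerable release."""
    limit = LAST_VULNERABLE.get(plugin)
    if limit is None:
        return False
    installed = tuple(int(p) for p in version.strip().split("."))
    # Pad with zeros so that "1.2" and "1.2.0" compare equal.
    width = max(len(installed), len(limit))
    installed += (0,) * (width - len(installed))
    limit += (0,) * (width - len(limit))
    return installed <= limit


def find_dynamic_tags(comment):
    """Return the sorted, lower-cased tag names found in a comment body."""
    return sorted({m.group(1).lower() for m in DYNAMIC_TAG.finditer(comment)})


def neutralise(comment):
    """Escape the '<' of each matching opener so the tag is stored as text."""
    return DYNAMIC_TAG.sub(lambda m: "&lt;" + m.group(0)[1:], comment)


if __name__ == "__main__":
    for name, ver in [("w3-total-cache", "0.9.2.8"), ("wp-super-cache", "1.3")]:
        print(name, ver, "VULNERABLE" if is_vulnerable(name, ver) else "ok")
    for body in SAMPLE_COMMENTS:
        print(find_dynamic_tags(body), "->", neutralise(body))
```

Scanning and escaping comments only reduces exposure on a site that cannot be patched at once; upgrading or disabling the plug-in, as recommended above, remains the fix.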