WordPress plugin – W3 Total cache vulnerability

Posted on January 9, 2013 by Andy

To make WordPress faster many people install the plugin W3 Total Cache.

It has many great features like caching and also support for pushing images to a CDN (content delivery network).
There are a few options when choosing the caching mechanism – disk, APC and memcache.

Recently, a security vulnerability has been found if the “database caching to disk” and “directory listing” is enabled.

The latest version is currently “0.9.2.5″

“Fixed security issue that can occur if using database caching to disk. If using database caching to disk with a web server with directory listing or web accessible wp-content/w3tc/dbcache/* directories. This patch works for all hosting environments / types where PHP is properly configured, i.e. .htaccess modifications (or other web server configuration changes) are not necessary to ensure proper security. Empty the database cache after performing the update if you use database caching to disk.”

This highlights the fact – always keep your CMS and its plugins updated.

Post to Digg Digg This Post Post to Reddit Post to Reddit Post to StumbleUpon Stumble This Post Post to Technorati Post to Technorati

This entry was posted in Managed Hosting. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>