Thursday, April 25, 2013
A serious new vulnerability affects certain versions of two popular WordPress caching plugins, W3TC and WP Super Cache. It allows remotely supplied PHP code to be executed on the server of any site running either plugin, so an attacker could run code on the affected server.
Details about the vulnerability are available at: http://blog.sucuri.net/2013/04/update-wp-super-cache-and-w3tc-immediately-remote-code-execution-vulnerability-disclosed.html
This is a very serious vulnerability, further exacerbated by the fact that any user can exploit it. The easiest way to protect yourself is to upgrade. You can find the latest updates on the WordPress.org repository:
For users of CloudFlare: CloudFlare has applied a rule to its network that automatically protects all CloudFlare customers, including those on free plans.