Thursday, 27 December 2012

WordPress W3 Total Cache vulnerability disclosed, Allows hacker to steal password

A critical vulnerability is found in one of the famous wordpress plugin "W3 Total Cache".  The plugin helps to improve the user experience of your site by improving your server performance, caching every aspect of your site.

 On Christmas day, someone disclose it on full-disclosure site that how a plugin misconfiguration leads to possible Wordpress cms hack.

A simple Google search for "inurl:wp-content/plugins/w3tc/dbcache" returns the list of word press affected by this vulnerability.

Wordpress users are advised to either upgrade the plugin to new version or deny access to plugin directory by making an extra .htccess in that folder.

No comments:

Post a Comment