April 29, 2013
We wanted to take this time to pass along information regarding serious security vulnerabilities recently discovered in two very popular WordPress plugins. They are:
– WP Super Cache
– W3 Total Cache
These plugins have been reported as having a security hole that allows a hacker to control your WordPress installation by using a method called Remote Code Execution, which in this case is fairly simple to exploit. The good news is that the developers of both plugins have released a security update, disabling the vulnerable functions.
If you’re running WordPress, with WP Super Cache or W3 Total Cache installed, should immediately log in to their WordPress administration panel and upgrade the plugins as soon as possible in order to prevent the vulnerability from being exploited.
Please note that if you have the plugins installed but they are not activated, it is still imperative that you update them, or delete them entirely.