WordPress plugin W3 Total Cache critical Vulnerability disclosed


W3 Total Cache (W3TC), one of the most popular WordPress plugins, which improves site performance and user experience through caching, has a potentially serious vulnerability. On Christmas Day, someone disclosed on the Full-Disclosure site how a misconfiguration in the plugin can lead to a compromise of a WordPress CMS.
The flaw stems from how W3TC stores its database cache. Jason disclosed that the cache data is stored in a publicly accessible directory, from which a malicious attacker can retrieve password hashes and other database information.
The default location where the plugin stores this data is “/wp-content/w3tc/dbcache/”, and if directory listing is enabled, an attacker can browse and download it.
He said, “Even with directory listings off, cache files are by default publicly downloadable, and the key values / file names of the database cache items are easily predictable.”
Because the plugin is so widely used, this makes WordPress blogs an easy target for attackers. The author also published a simple shell script to identify and exploit this bug.

We recommend that webmasters either upgrade the plugin to the new version or deny access to the plugin directory by adding an extra .htaccess file in that folder.
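One way to apply and verify the .htaccess mitigation on a server you administer, as an added example that is not part of the original post or of W3TC itself. The function names `dbcache_is_denied` and `harden_dbcache` are hypothetical, and the script assumes an Apache server that honours .htaccess files in this directory.

```shell
#!/bin/sh
# Added example: check and lock down the W3TC database cache directory
# on a local WordPress install. Function names are hypothetical.
# Assumption: Apache with AllowOverride permitting access-control directives;
# other web servers ignore .htaccess and need an equivalent server-level rule.

DBCACHE_REL="wp-content/w3tc/dbcache"   # default location named in the article

# Return 0 if the dbcache directory already has a deny-all rule in .htaccess.
# $1 = WordPress document root
dbcache_is_denied() {
    ht="$1/$DBCACHE_REL/.htaccess"
    [ -f "$ht" ] || return 1
    grep -Eiq '^[[:space:]]*(Require[[:space:]]+all[[:space:]]+denied|Deny[[:space:]]+from[[:space:]]+all)' "$ht"
}

# Add a deny-all rule if one is missing. Idempotent: a second run changes nothing.
# Returns 2 if the cache directory does not exist under the given root.
harden_dbcache() {
    dir="$1/$DBCACHE_REL"
    [ -d "$dir" ] || { echo "no $DBCACHE_REL under $1" >&2; return 2; }
    dbcache_is_denied "$1" && return 0
    # Append rather than overwrite so any existing rules are preserved.
    cat >> "$dir/.htaccess" <<'EOF'
# Block all HTTP access to cached database query results
<IfModule mod_authz_core.c>
    Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
</IfModule>
EOF
    chmod 644 "$dir/.htaccess"
    # Confirm the rule is now present.
    dbcache_is_denied "$1"
}

# Usage (after sourcing this file): harden_dbcache /var/www/html
```

After running it, request a file under the cache directory from a browser and confirm the server answers 403; if it still serves the file, .htaccess overrides are disabled and the rule has to go in the main server configuration instead.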

Comments
3 Responses to “WordPress plugin W3 Total Cache critical Vulnerability disclosed”
  1. Colin Habel says:

    I simply want to say I am just all new to blogging and site-building and certainly liked this website. Likely I want to bookmark your website. You amazingly have fabulous articles. Thanks a bunch for sharing your web site.

  2. Hipolito M. Wiseman says:

    I just want to say I am just very new to blogs and really savored your website. Very likely I’m likely to bookmark your website. You certainly have wonderful posts. Cheers for sharing your webpage.

  3. bakersdelight says:

    Hi, I do believe this is a great site. I stumbled upon it 😉 I will come back yet again since I bookmarked it. Money and freedom is the greatest way to change, may you be rich and continue to help others.
