New Serious WordPress Vulnerability

28 Apr 2013

If you are running a Wordpress site in your hosting account please read below.

There is a new serious Wordpress vulnerability in certain versions of two popular Wordpress caching plugins, W3TC and WP Super Cache. The vulnerability allows remote PHP code to be executed locally on a server for anyone running either of the plugins. An attacker could then execute code on the infected server.

If you have any of those plugins installed in your Wordpress please check with the plugins developers to correct and update/patch the vulnerability.

You can find more information about it in the link below.

http://wordpress.org/support/topic/pwn3d

A quick way to be protected is enable Cloudlflare in your hosting account through your cPanel which already includes the rules to protect against this vulnerability.

Details about the vulnerability are available at:

http://blog.cloudflare.com/w3tc-and-wp-super-cache-vulnerability-discove-17794

We strongly recommend to upgrade your WP plugins immediately. As a precaution, consider enabling CloudFlare, even if temporarily.