Hey WordPress Users and Users of the following plugins – Big security issue – You…

26 Apr 2013 admin In G+ Posts

Hey WordPress Users and Users of the following plugins – Big security issue – You should update immediately

A security exploit was recently discovered in the WP Super Cache and W3 Total Cache plugins.

If you've not done so already, you should take immediate action to upgrade those plugins to prevent any damage to your site(s).

If you need upgrade guidance, see:
http://wordpress.org/extend/plugins/w3-total-cache/
http://wordpress.org/extend/plugins/wp-super-cache/

==================================================

The folks at Wordfence.com shared this information:

"WHAT TO DO: Upgrade to the newest version of both these plugins immediately. The security holes have been fixed by the developers.

"The impact of these security holes can't be overstated. They allow anyone to bypass all security and gain complete access to your WordPress site.

"The exploit was posted by a user on the WordPress forums. The plugin authors have now updated their code to fix this issue.

"The security hole allows an attacker to post PHP code embedded in comments and that code will be executed by your server. This effectively gives them unlimited access to all parts of your site and database.

"There have been roughly 6 million downloads of both plugins combined, so they are very popular and this hole is likely to have spawned large scale automated attacks that take advantage of it. 

"If you run either of these plugins, it's likely that your system may already have been compromised. Please upgrade both plugins and then run a full Wordfence scan to verify your system integrity."

==================================================

All the Best,
The Solostream Team

Comments: 5

  1. Glendon Perkins 26 Apr 2013 Reply

    +Brent Burzycki thanks for sharing this.

  2. Brent Burzycki 26 Apr 2013 Reply

    this could be a massive problem for many…also as someone that runs many wordpress sites I am looking at this wordfence.com mentioned.. seems like a really interesting WP security plugin with a ton of features…

  3. Glendon Perkins 26 Apr 2013 Reply

    I didn't have any updates on my site.

  4. Brent Burzycki 26 Apr 2013 Reply

    +Glendon Perkins this is only if you are running the specific plugins…

  5. Glendon Perkins 26 Apr 2013 Reply

    +Brent Burzycki I figured it was, but I can't keep track so I checked anyway. Most of mine are Jetpack plugins.
