Security Alert: WP Super Cache and W3 Total Cache

Are you using W3TotalCache or WP Super Cache on your WordPress Blog, then I would suggest you to upgrade the plugins to the latest versions available, else both these plugins can give complete control to the hackers.

The Significant vulnerability found in both these Top Caching WordPress Plugins is they allow RCE (Remote Code Execution) vulnerability a.k.a., arbitrary code execution, initially the vulnerability was posted in the WordPress forums by the name of kisscsaby a month ago.

Coming into the Details of the Vulnerability – A visitor to a website using WP Super Cache/ W3 Total Cache can remotely execute code by way of a specially crafted comment left on the blog. The comment may even be moderated and it will still cause a problem. If you allow untrusted user content on your site through other means it should also be filtered in a similar way.

Around 5 Days Back the Plugin Authors have released Updates for both the Caching Plugins disabling the vulnerable functions by default.

Security Alert: WP Super Cache and W3 Total Cache

Combined Download statistics of both these WordPress Plugins is around 6 million which shows the popularity & wide usage of both these Plugins.

As the vulnerability is Wide open to the Public now bad people may try this & take control over your site.So there is no point in waiting for, update the caching plugins to the most stable versions available.