Topic: If you have a Wordpress blog and are using a caching plugin, please update NOW!
app103
« on: April 25, 2013, 09:05:22 AM »

Update WP Super Cache and W3TC Immediately – Remote Code Execution Vulnerability Disclosed

Quote
Shame on us for not catching this a month ago when it was first reported, but it seems that two of the biggest caching plugins in WordPress have what we would classify a very serious vulnerability – remote code execution (RCE), a.k.a., arbitrary code execution:

    
Quote
…arbitrary code execution is used to describe an attacker’s ability to execute any commands of the attacker’s choice on a target machine or in a target process. – Wikipedia


It appears that a user by the name of kisscsaby first disclosed the issue a month ago via the WordPress forums. As of 5 days ago both plugin authors have pushed new versions of their plugins disabling the vulnerable functions by default. The real concern however is the seriousness of the vulnerability and the sheer volume of users between both plugins.

http://blog.sucuri.net/20...nerability-disclosed.html
« Last Edit: April 26, 2013, 05:06:28 PM by app103 »

wraith808
« Reply #1 on: April 26, 2013, 07:43:45 AM »

Why do people use these plugins, anyway?  I haven't really seen a need (which is why none of my client sites nor my sites have the problem).

app103
« Reply #2 on: April 26, 2013, 09:24:51 AM »

I haven't seen the need for one yet, myself. But I do know that if you have a lot of traffic and the database hits and CPU usage are slowing down your site, a caching plugin could speed it up quite a bit. So can moving to better hosting, but not everyone has that luxury. I know of quite a few on free hosting that use caching plugins to cut down on CPU usage, which can be quite restrictive on free hosts and carry a penalty of having your site deleted if you exceed the limits.

rgdot
« Reply #3 on: April 26, 2013, 10:10:53 AM »

Caching plugins do have a tendency for their own issues. White/blank pages for example. Unless your site is super popular on limited host/resources I wouldn't really bother.
Stephen66515
« Reply #4 on: April 26, 2013, 03:36:41 PM »

April, the topic title is a bit squitty.
Quote
Wordpress blog and are using a caching pluging

Seems like that should say plugin, not pluging

Anal as always

-Stephen


app103
« Reply #5 on: April 26, 2013, 05:09:01 PM »

Quote from Stephen66515:
April, the topic title is a bit squitty.
Quote
Wordpress blog and are using a caching pluging

Seems like that should say plugin, not pluging

Anal as always

-Stephen

My fingers habitually and reflexively tend to follow i-n with a g.

tomos
« Reply #6 on: April 27, 2013, 03:07:08 PM »

Quote from Stephen66515:
April, the topic title is a bit squitty.
Quote
Wordpress blog and are using a caching pluging

Seems like that should say plugin, not pluging

Anal as always

-Stephen

lol, you get an honourable mention *here* - "more for the content than for the number"