Welcome Guest.   Make a donation to an author on the site May 20, 2013, 03:15:07 AM  *

Please login or register.
Or did you miss your validation email?


Login with username and password (forgot your password?)
Why not become a lifetime supporting member of the site with a one-time donation of any amount? Your donation entitles you to a ton of additional benefits, including access to exclusive discounts and downloads, the ability to enter monthly free software drawings, and a single non-expiring license key for all of our programs.

You must sign up here before you can post and access some areas of the site. Registration is totally free and confidential.
 
Your Support Funds this Site: View the Supporter Yearbook.
   
   Forum Home   Thread Marks Chat! Downloads Search Login Register  
+  DonationCoder.com Forum
|-+  Main Area and Open Discussion
| |-+  Living Room
| | |-+  If you have a Wordpress blog and are using a caching plugin, please update NOW!
Pages: [1]   Go Down
« previous next »
  Reply  |  New Topic  |  Print  
Author Topic: If you have a Wordpress blog and are using a caching plugin, please update NOW!  (Read 624 times)
app103
That scary taskbar girl
Global Moderator
*****
Posts: 4,604



see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« on: April 25, 2013, 09:05:22 AM »
Update WP Super Cache and W3TC Immediately – Remote Code Execution Vulnerability Disclosed

Quote
Shame on us for not catching this a month ago when it was first reported, but it seems that two of the biggest caching plugins in WordPress have what we would classify a very serious vulnerability – remote code execution (RCE), a.k.a., arbitrary code execution:

    
Quote
…arbitrary code execution is used to describe an attacker’s ability to execute any commands of the attacker’s choice on a target machine or in a target process. – Wikipedia


It appears that a user by the name of kisscsaby first disclosed the issue a month ago via the WordPress forums. As of 5 days ago both plugin authors have pushed new versions of their plugins disabling the vulnerable functions by default. The real concern however is the seriousness of the vulnerability and the shear volume of users between both plugins.

http://blog.sucuri.net/20...nerability-disclosed.html
« Last Edit: April 26, 2013, 05:06:28 PM by app103 » Logged
Lacuna Launcher | Instant Boss | More App's Apps | Maybe Not Safe for Work | Free Programming E-Books
wraith808
Supporting Member
**
Posts: 4,297



"In my dreams, I always do it right."

see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #1 on: April 26, 2013, 07:43:45 AM »
Why do people use these plugins, anyway?  I haven't really seen a need (which is why none of my client sites nor my sites have the problem).
Logged
app103
That scary taskbar girl
Global Moderator
*****
Posts: 4,604



see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #2 on: April 26, 2013, 09:24:51 AM »
I haven't seen the need for need for one yet, myself. But I do know that if you have a lot of traffic and the database hits and CPU usage are slowing down your site, a caching plugin could speed it up quite a bit. So can moving to better hosting, but not everyone has that luxury. I know of quite a few on free hosting that use caching plugins to cut down on CPU usage, which can be quite restrictive on free hosts and carry a penalty of having your site deleted if you exceed the limits.
Logged
Lacuna Launcher | Instant Boss | More App's Apps | Maybe Not Safe for Work | Free Programming E-Books


[ may-june 2013 ad experiment; click here to learn more about donationcoder.com ]

rgdot
Supporting Member
**
Posts: 1,241


View Profile WWW Give some DonationCredits to this forum member
« Reply #3 on: April 26, 2013, 10:10:53 AM »
Caching plugins do have a tendency for their own issues. White/blank pages for example. Unless your site is super popular on limited host/resources I wouldn't really bother.
Logged
RGdot.com
Stephen66515
Animated Giffer in Chief
Honorary Member
**
Posts: 2,310



plarker Stephen66515 see users location on a map View Profile Give some DonationCredits to this forum member
« Reply #4 on: April 26, 2013, 03:36:41 PM »
April, the topic title is a bit squitty.
Quote
Wordpress blog and are using a caching pluging

Seems like that should say plugin, not pluging tongue

Anal as always

-Stephen
Logged
No trees were harmed during the creation of this message.  Millions of electrons, however, were terribly inconvenienced
app103
That scary taskbar girl
Global Moderator
*****
Posts: 4,604



see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #5 on: April 26, 2013, 05:09:01 PM »
Quote from: Stephen66515 on April 26, 2013, 03:36:41 PM
April, the topic title is a bit squitty.
Quote
Wordpress blog and are using a caching pluging

Seems like that should say plugin, not pluging tongue

Anal as always

-Stephen

My fingers habitually and reflexively tend to follow i-n with a g.  embarassed
Logged
Lacuna Launcher | Instant Boss | More App's Apps | Maybe Not Safe for Work | Free Programming E-Books
tomos
Charter Member
***
Posts: 6,955



see users location on a map View Profile Read user's biography. Give some DonationCredits to this forum member
« Reply #6 on: April 27, 2013, 03:07:08 PM »
Quote from: Stephen66515 on April 26, 2013, 03:36:41 PM
April, the topic title is a bit squitty.
Quote
Wordpress blog and are using a caching pluging

Seems like that should say plugin, not pluging tongue

Anal as always

-Stephen

lol, you get an honourable mention *here* - "more for the content than for the number" cheesy
Logged
Pages: [1]   Go Up
  Reply  |  New Topic  |  Print  
« previous next »
 
Jump to:  
   Forum Home   Thread Marks Chat! Downloads Search Login Register  

DonationCoder.com | About Us
DonationCoder.com Forum | Powered by SMF
[ Page time: 0.042s | Server load: 0.14 ]