Home | Blog | Software | Reviews and Features | Forum | Help | Donate | About us
topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • September 04, 2015, 07:27:24 AM
  • Proudly celebrating 10 years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: If you have a Wordpress blog and are using a caching plugin, please update NOW!  (Read 1885 times)

app103

  • That scary taskbar girl
  • Global Moderator
  • Joined in 2006
  • *****
  • Posts: 5,563
    • View Profile
    • App's Apps
    • Donate to Member
Update WP Super Cache and W3TC Immediately – Remote Code Execution Vulnerability Disclosed

Quote
Shame on us for not catching this a month ago when it was first reported, but it seems that two of the biggest caching plugins in WordPress have what we would classify a very serious vulnerability – remote code execution (RCE), a.k.a., arbitrary code execution:

    
Quote
…arbitrary code execution is used to describe an attacker’s ability to execute any commands of the attacker’s choice on a target machine or in a target process. – Wikipedia


It appears that a user by the name of kisscsaby first disclosed the issue a month ago via the WordPress forums. As of 5 days ago both plugin authors have pushed new versions of their plugins disabling the vulnerable functions by default. The real concern however is the seriousness of the vulnerability and the shear volume of users between both plugins.

http://blog.sucuri.n...ility-disclosed.html
« Last Edit: April 26, 2013, 05:06:28 PM by app103 »

wraith808

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 7,330
  • "In my dreams, I always do it right."
    • View Profile
    • wraith808
    • Donate to Member
Why do people use these plugins, anyway?  I haven't really seen a need (which is why none of my client sites nor my sites have the problem).

app103

  • That scary taskbar girl
  • Global Moderator
  • Joined in 2006
  • *****
  • Posts: 5,563
    • View Profile
    • App's Apps
    • Donate to Member
I haven't seen the need for need for one yet, myself. But I do know that if you have a lot of traffic and the database hits and CPU usage are slowing down your site, a caching plugin could speed it up quite a bit. So can moving to better hosting, but not everyone has that luxury. I know of quite a few on free hosting that use caching plugins to cut down on CPU usage, which can be quite restrictive on free hosts and carry a penalty of having your site deleted if you exceed the limits.

rgdot

  • Supporting Member
  • Joined in 2009
  • **
  • Posts: 1,801
    • View Profile
    • Donate to Member
Caching plugins do have a tendency for their own issues. White/blank pages for example. Unless your site is super popular on limited host/resources I wouldn't really bother.

Stephen66515

  • Animated Giffer in Chief
  • Honorary Member
  • Joined in 2010
  • **
  • Posts: 3,003
    • View Profile
    • Donate to Member
April, the topic title is a bit squitty.
Quote
Wordpress blog and are using a caching pluging

Seems like that should say plugin, not pluging :P

Anal as always

-Stephen

app103

  • That scary taskbar girl
  • Global Moderator
  • Joined in 2006
  • *****
  • Posts: 5,563
    • View Profile
    • App's Apps
    • Donate to Member
April, the topic title is a bit squitty.
Quote
Wordpress blog and are using a caching pluging

Seems like that should say plugin, not pluging :P

Anal as always

-Stephen

My fingers habitually and reflexively tend to follow i-n with a g.  :-[

tomos

  • Charter Member
  • Joined in 2006
  • ***
  • Posts: 9,524
    • View Profile
    • Donate to Member
April, the topic title is a bit squitty.
Quote
Wordpress blog and are using a caching pluging

Seems like that should say plugin, not pluging :P

Anal as always

-Stephen

lol, you get an honourable mention *here* - "more for the content than for the number" :D
Tom