
If you have a Wordpress blog and are using a caching plugin, please update NOW!


app103:
Update WP Super Cache and W3TC Immediately – Remote Code Execution Vulnerability Disclosed

Shame on us for not catching this a month ago when it was first reported, but it seems that two of the biggest caching plugins in WordPress have what we would classify as a very serious vulnerability – remote code execution (RCE), a.k.a., arbitrary code execution:

    …arbitrary code execution is used to describe an attacker’s ability to execute any commands of the attacker’s choice on a target machine or in a target process. – Wikipedia
--- End quote ---


It appears that a user by the name of kisscsaby first disclosed the issue a month ago via the WordPress forums. As of 5 days ago both plugin authors have pushed new versions of their plugins disabling the vulnerable functions by default. The real concern, however, is the seriousness of the vulnerability and the sheer volume of users between both plugins.
--- End quote ---

http://blog.sucuri.net/2013/04/update-wp-super-cache-and-w3tc-immediately-remote-code-execution-vulnerability-disclosed.html

wraith808:
Why do people use these plugins, anyway?  I haven't really seen a need (which is why none of my client sites nor my sites have the problem).

app103:
I haven't seen the need for one yet, myself. But I do know that if you have a lot of traffic and the database hits and CPU usage are slowing down your site, a caching plugin could speed it up quite a bit. So can moving to better hosting, but not everyone has that luxury. I know of quite a few on free hosting that use caching plugins to cut down on CPU usage, which can be quite restrictive on free hosts and carry a penalty of having your site deleted if you exceed the limits.

rgdot:
Caching plugins do have a tendency for their own issues. White/blank pages for example. Unless your site is super popular on limited host/resources I wouldn't really bother.

KynloStephen66515:
April, the topic title is a bit squitty.
Wordpress blog and are using a caching pluging
--- End quote ---

Seems like that should say plugin, not pluging :P

Anal as always

-Stephen
