WP Super Cache and W3 Total Cache plugins.
If you’ve not done so already, you should
take immediate action to upgrade those plugins
to prevent any damage to your site(s).
If you need upgrade guidance, see:
WordPress ? W3 Total Cache « WordPress Plugins
WordPress ? WP Super Cache « WordPress Plugins
==================================================
The folks at Wordfence.com shared this information:
“WHAT TO DO: Upgrade to the newest version of both
these plugins immediately The security holes have
been fixed by the developers.
“The impact of these security holes can’t be overstated.
They allow anyone to bypass all security and gain
complete access to your WordPress site.
“The exploit was posted by a user on the WordPress
forums. The plugin authors have now updated their
code to fix this issue.
“The security hole allows an attacker to post PHP code
embedded in comments and that code will be executed
by your server. This effectively gives them unlimited
access to all parts of your site and database.
“There have been roughly 6 million downloads of both
plugins combined, so they are very popular and this
hole is likely to have spawned large scale automated
attacks that take advantage of it.
“If you run either of these plugins, it’s likely that your
system may already have been compromised. Please
upgrade both plugins and then run a full Wordfence
scan to verify your system integrity.”
Please login or Register to submit your answer