A security researcher has announced a serious vulnerability in the default configuration of a popular WordPress plugin.
According to Jason Donenfield in this Full Disclosure list, claims the WordPress plugin “W3 Total Cache”, which boasts high-traffic sites like Mashable and Lockergnome among its users, has serious vulnerabilities.
In the default setup, when users simply choose “add plugin” from the WordPress catalogue leaves cache directory listings enabled, according to Donenfield.
He said this allows database cache keys to be downloaded on vulnerable installations and that could expose password hashes. “A simple google search of “inurl:wp-content/plugins/w3tc/dbcache” and maybe some other magic reveals this wasn’t just an issue for me”, he writes.
The search term was later amended by Donenfield to “inurl:wp-content/w3tc”.
“Even with directory listings off,” he continues, “cache files are by default publicly downloadable, and the key values / file name of the database cache items are easily predictable.”
Donenfield says the developer of the plug-in intends to release a fix “soon”. In the meantime, he notes that “deny from all” should be set in the .htaccess file.
Today, I went to the beach front with my kids.
I found a sea shell and gave it to my 4 year old daughter and said “You can hear the ocean if you put this to your ear.” She put
the shell to her ear and screamed. There was a hermit crab inside and it pinched her
ear. She never wants to go back! LoL I know this is totally
off topic but I had to tell someone!
LikeLike
Woah! I’m really digging the template/theme of this blog. It’s simple,
yet effective. A lot of times it’s very hard to get that “perfect balance” between user friendliness and visual appeal. I must say that you’ve
done a excellent job with this. Additionally, the
blog loads very quick for me on Opera. Outstanding Blog!
LikeLike