There is a new serious WordPress vulnerability in certain versions of two popular WordPress caching plugins, W3TC and WP Super Cache. The vulnerability allows remote PHP code to be executed locally on a server for anyone running either of the plugins. An attacker could then execute code on the infected server.
 
CloudFlare has applied a rule to its network which automatically protects all CloudFlare customers, including those on free plans. Details about the vulnerability are available at:  
http://blog.cloudflare.com/w3tc-and-wp-super-cache-vulnerability-discove-17794
  
We strongly recommend you to upgrade your WP plugins immediately. As a precaution, consider enabling CloudFlare Free for any customer using WordPress, even if temporarily. We have an automated way for you to do so. Open support ticket if you are considering this option and we will guide you through the process.  

Let us know if you have any questions.


Wednesday, April 24, 2013



« Back