A security vulnerability in two commonly used WordPress plugins, WP Super Cache and W3 Total Cache, has come to our attention. Anyone with these plugins, even if inactive, needs to update them immediately in order to protect themselves from attack.
This security breach allows for remote command execution of PHP commands through the comment section of WordPress websites, allowing anyone to execute code on your server. This leaves sensitive information, like payload, vulnerable.
If you are unsure whether you have this plugin or not, or whether it’s been updated already, sign into the back end of your WordPress website and go to the Plugins section. If you have either plugin, it should be listed here. If you have not updated it to the latest version, it will say there is a newer version available in bold letters under that listing, and give you the option of either looking at the update details or updating it from there. Click on “update now” and it will take you to another page and automatically start updating.
Another way to update either plugin (assuming you already know you have one) is to visit the links below to go to the Plugin Directory for WordPress and download the latest version by pressing that orange button on the upper right-hand side.
WP Super Cache Update to 1.3.x or higher
W3 Total Cache Update to 9.2.9 or higher
If you have any difficulties with this process, contact us and we’ll do what we can to assist you.
Be safe out there.