WordPress plugin warning: "W3 Total Cache"

Started by Jason, December 27, 2012, 08:40:20 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Jason

Please be aware if you use this plugin for WordPress:

http://securityledger.com/popular-wordpress-plugin-leaves-sensitive-data-in-the-open/

Quote
A security researcher is warning WordPress uses that a popular plugin may leave sensitive information from their blog accessible from the public Internet with little more than a Google search.

The researcher, Jason A. Donenfeld, who uses the handle "zx2c4" posted a notice about the add-on, W3 Total Cache on the Full Disclosure security mailing list on Sunday, warning that many WordPress users that had added the plugin had directories of cached content that could be browsed by anyone with a web browser and knowledge of where to look. The content of those directories could be downloaded, including directories containing sensitive data like password hashes, Donenfeld wrote.

More information is available in the link above.