W3 Total Cache WordPress plugin exposes site database info
Security researcher Jason A. Donenfeld has found a vulnerability in a popular WordPress plugin W3 Total Cache that makes sites to obtain sensitive data from an affected site.
Two important holes:
1.Directory listings were enabled on the cache directory, which means anyone could easily recursively download all the database cache keys, and extract ones containing sensitive information, such as password hashes.
2.Even with directory listings off, cache files are by default publicly downloadable, and the key values / file names of the database cache items are easily predictable.
(more…)