W3 Total Cache WordPress plugin exposes site database info

Security researcher Jason A. Donenfeld has found a vulnerability in a popular WordPress plugin W3 Total Cache that makes sites to obtain sensitive data from an affected site.

Two important holes:

1.Directory listings were enabled on the cache directory, which means anyone could easily recursively download all the database cache keys, and extract ones containing sensitive information, such as password hashes.

2.Even with directory listings off, cache files are by default publicly downloadable, and the key values / file names of the database cache items are easily predictable.

Source:

Suggested Read:  WordPress 4.9 Tipton released

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *

*