WordPress caching plugins PHP code execution

Description

Two very popular WordPress caching plugins (WP Super Cache and W3 Total Cache) are vulnerable to PHP code execution via interpretation of dynamic snippets, that are contained inside a number of specific HTML-comment tags. WP Super Cache (before version 1.3) and W3 Total Cache (before version 0.9.2.9) are vulnerable to this issue.

ShareShare on FacebookTweet about this on TwitterShare on Google+

Impact
Remote PHP code execution.

Recommendation
Upgrade the vulnerable plugin(s) to the latest version.

References
WP Caching plugin vulnerability debrief
WP Super Cache
W3 Total Cache
Initial report of the vulnerability