WordPress W3 Total Cache plugin predictable cache filenames


WordPress plugin W3 Total Cache has a security issue that can occur if using database caching to disk. When database caching to disk with a web server with directory listing or web accessible wp-content/w3tc/dbcache/* directories an attacker can predict the names of cache files and retrive their contents.

ShareShare on FacebookTweet about this on TwitterShare on Google+

Sensitive information disclosure.

Upgrade to W3 Total Cache version or later.

Wordpress Remote Exploit - W3 Total Cache
W3 Total Cache changelog