WordPress W3 Total Cache plugin predictable cache filenames

Description

WordPress plugin W3 Total Cache has a security issue that can occur if using database caching to disk. When database caching to disk with a web server with directory listing or web accessible wp-content/w3tc/dbcache/* directories an attacker can predict the names of cache files and retrive their contents.

ShareShare on FacebookTweet about this on TwitterShare on Google+

Impact
Sensitive information disclosure.

Recommendation
Upgrade to W3 Total Cache version 0.9.2.5 or later.

References
Wordpress Remote Exploit - W3 Total Cache
W3 Total Cache changelog