WEB APPLICATION VULNERABILITIES Standard & Premium

WordPress Plugin W3 Total Cache Backdoor (0.9.2.2)

Description

WordPress Plugin W3 Total Cache is prone to a backdoor vulnerability. Attackers can exploit this issue to execute arbitrary commands in the context of the application. Successful attacks will compromise the affected application and possibly the webserver or computer.

Remediation

Install version 0.9.2.3 downloaded after June 21st, 2011 or latest

References

http://wordpress.org/news/2011/06/passwords-reset/

http://secunia.com/advisories/45021/

Related Vulnerabilities

Apache HTTP Server Improper Input Validation Vulnerability (CVE-2011-3639)

phpMyAdmin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-2960)

WordPress Plugin YITH Maintenance Mode Cross-Site Scripting (1.3.7)

WordPress 4.1.x Cross-Domain Flash Injection Vulnerability (4.1 - 4.1.21)

WordPress Plugin Ruben Boelinger wordTube 'wpPATH' Parameter Multiple Remote File Include Vulnerabilities (1.43)

Severity

High

Classification

CWE-95 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update