WordPress W3 Total Cache plugin predictable cache filenames

Description
  • WordPress plugin W3 Total Cache has a security issue that can occur if using database caching to disk. When database caching to disk with a web server with directory listing or web accessible wp-content/w3tc/dbcache/* directories an attacker can predict the names of cache files and retrieve their contents.
Remediation
  • Upgrade to W3 Total Cache version 0.9.2.5 or later.
References