It has not been a good month for WordPress. Earlier this month there was a large DoS attack against the WordPress admin page and now there is a remote code execution vulnerability with WP Super Cache and W3 Total Cache

You can read the full debrief of the problem on Frank Goossens’s blog, but the bottom line is if you have either of these plugins on your WordPress blog you need to update as soon as possible. Because of these vulnerabilities, the attacker can easily leave a comment on your blog that will execute any PHP code they wish.

If you have any questions about updating your blog / plugins, please feel free to contact support.

Update 7:50 PM 24-Apr-2013

If you are using CloudFlare (either directly through CloudFlare or via our partnership you’re covered. CloudFlare has implemented security rules on all accounts to block this vulnerability.

Leave a Reply