CapturedTech.com

Captured Technology

The Vulnerability Of W3 Total Cache And WP Super Cache

Sep 17 2013


In June 2013, a vulnerability was found in a couple of commonly used caching plugins that allowed arbitrary PHP code to be included in blog comments. WP Super Cache and W3 Total Cache have released updated versions to address this issue. Webmasters who use these plugins ought to update to the new versions as quickly as they can.

Several WordPress websites use caching plugins to reduce the time it takes for pages to load. Without caching, a WordPress website builds each page on the spot, processing PHP code and then querying the database. A caching plugin reduces the time a visitor has to wait by storing a ready-prepared version of the web page in memory (or on disk) and serving that static version.

Nonetheless, it is occasionally useful to permit specific parts of a page to be dynamically generated, whilst the remainder of the page stays static and cached. WordPress offers a way of embedding these dynamic elements, via the MFUNC fragment. WordPress also allows a restricted selection of HTML tags in user comments, so users can format their text.

Regrettably, the combination of these two features enabled arbitrary PHP code to be incorporated into comments. Malicious users added PHP code (via the MFUNC fragment) inside HTML comments whilst commenting on WordPress pages or posts. Because the input was incorrectly sanitized before it reached the WordPress core, the PHP code ended up being run on the server.
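One way a site owner could triage stored comments for fragment markers while updating the plugins, as an added Python example that is not from the original article or from either plugin. The function names, the `mclude` sibling tag and the sample comments are assumptions constructed for illustration; matching is case-insensitive and tolerates whitespace and entity encoding so that disguised markers are still held for review.

```python
import html
import re

# Dynamic-fragment tags to look for. "mfunc" is the tag named in the article;
# "mclude" is its sibling include tag (added here, not named on the page).
FRAGMENT_TAGS = ("mfunc", "mclude")

# Matches an opening or closing marker such as "<!--mfunc" or "<!-- /mfunc".
_MARKER = re.compile(r"<!--\s*(/?)\s*(%s)\b" % "|".join(FRAGMENT_TAGS),
                     re.IGNORECASE)


def _decode_entities(text, max_rounds=3):
    """Undo up to max_rounds of HTML entity encoding (&lt;!-- becomes <!--)."""
    for _ in range(max_rounds):
        decoded = html.unescape(text)
        if decoded == text:
            break
        text = decoded
    return text


def find_fragment_markers(comment_text):
    """Return [(tag, is_closing)] for each fragment marker in a comment."""
    decoded = _decode_entities(comment_text)
    return [(m.group(2).lower(), m.group(1) == "/") for m in _MARKER.finditer(decoded)]


def triage(comments):
    """Map comment id -> 'hold' if it carries a fragment marker, else 'pass'."""
    return {
        cid: "hold" if find_fragment_markers(body) else "pass"
        for cid, body in comments.items()
    }


# Constructed sample comments; PLACEHOLDER stands in for any fragment body.
SAMPLE_COMMENTS = {
    101: "Great post, <b>thanks</b> for the caching tips!",
    102: "nice <!--mfunc PLACEHOLDER --><!--/mfunc--> article",
    103: "hello <!-- MFUNC PLACEHOLDER --> world",
    104: "entity-encoded &amp;lt;!--mclude PLACEHOLDER --&amp;gt;",
    105: "I disabled mfunc in my config <!-- see changelog -->",
}

if __name__ == "__main__":
    for cid, verdict in triage(SAMPLE_COMMENTS).items():
        print(cid, verdict)
```

Comment 105 passes because the word "mfunc" in plain text and an ordinary HTML comment are not fragment markers; only the comment-opener followed by the tag name is held.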

 Patrick Stevens