W3 Total Cache 0.9.2.5 Fixes WordPress Security Flaw
Posted: January 2, 2013 by Alex Chan
W3 Total Cache, a popular WordPress plugin, released an update today to fix a security flaw. When the default configuration settings are set to database caching to disk, it is possible to extract passwords, hash codes, cache keys, and other sensitive information.
The security hole, originally discovered at seclists.org, has been fixed in W3 Total Cache version 0.9.2.5. Anyone using the W3 Total Cache plugin is strongly advised to upgrade to the latest version immediately.
"Fixed security issue that can occur if using database caching to disk. If using database caching to disk with a web server with directory listing or web accessible wp-content/w3tc/dbcache/* directories. This patch works for all hosting environments / types where PHP is properly configured, i.e. .htaccess modifications (or other web server configuration changes) are not necessary to ensure proper security. Empty the database cache after performing the update if you use database caching to disk."
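A post-upgrade check for the two steps the changelog names (upgrade to 0.9.2.5, then empty the disk database cache), as an added example that is not from the original post or from the plugin. It assumes the standard plugin location `wp-content/plugins/w3-total-cache/w3-total-cache.php` and that this file's modification time approximates when the update was installed.

```python
import os
import re

FIXED = (0, 9, 2, 5)  # fixed release named in the post
# Assumption: the plugin lives at the standard WordPress plugin path.
PLUGIN_FILE = "wp-content/plugins/w3-total-cache/w3-total-cache.php"
DBCACHE_DIR = "wp-content/w3tc/dbcache"  # directory quoted in the changelog


def plugin_version(wp_root):
    """Read the 'Version:' plugin header; None if it cannot be found."""
    try:
        with open(os.path.join(wp_root, PLUGIN_FILE), errors="replace") as fh:
            m = re.search(r"^\s*\*?\s*Version:\s*([\d.]+)", fh.read(8192), re.M)
    except OSError:
        return None
    return tuple(int(p) for p in m.group(1).split(".") if p) if m else None


def stale_cache_files(wp_root):
    """Cache files written before the plugin file was last replaced."""
    try:
        cutoff = os.path.getmtime(os.path.join(wp_root, PLUGIN_FILE))
    except OSError:
        cutoff = float("inf")  # plugin missing: treat every cache file as stale
    stale = []
    for base, _dirs, files in os.walk(os.path.join(wp_root, DBCACHE_DIR)):
        for name in files:
            path = os.path.join(base, name)
            if os.path.getmtime(path) < cutoff:
                stale.append(path)
    return sorted(stale)


def audit(wp_root):
    """Return a list of findings; an empty list means both steps are done."""
    findings = []
    version = plugin_version(wp_root)
    if version is None:
        findings.append("W3 Total Cache version not found")
    elif version < FIXED:
        findings.append("plugin older than 0.9.2.5: upgrade")
    stale = stale_cache_files(wp_root)
    if stale:
        findings.append(f"{len(stale)} database cache file(s) predate the update: empty the cache")
    return findings
```

Call `audit()` with the WordPress root directory; cache files created after the update are not flagged.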