Posted January 1, 2013 by Rapid John in Tech News
 
 

WordPress Blogs at Risk Due to Security Flaw of Popular Plug-In

wordpress-for-blackberry-playbook
wordpress-for-blackberry-playbook

A security flaw in the default configuration of a popular plug-in for WordPress has put blogs hosted on the platform at risk of data theft.

The flaw, discovered by researcher Jason Donenfeld, is in W3 Total Cache (W3TC), a plug-in to the blog-hosting platform that caches content in order to speed up request times.

Since data are stored similarly and in searchable form, Donenfeld says it’s possible to extract sensitive information like password hashes and database cache keys from any directory that has been enabled.

Even directories that aren’t enabled wouldn’t be very difficult to guess, a Seclist.org post on the matter said.

At present, all versions of WordPress are vulnerable to the flaw, but a later post by Donenfeld said the author of the plug-in plans to close the gap soon.

W3TC users are encouraged to disable the plug-in until such a fix is released.

Did you enjoy this article? If so, we’d love to hear your thoughts on the Forums or on our Facebook page. Get more articles instantly on your BlackBerry smartphone with our Free BlackBerry 10 App.

Enjoy this article? Share it with others.

  • Facebook
  • Twitter
  • StumbleUpon
  • LinkedIn
  • Digg
  • Pinterest
  • Google Plus
  • Tumblr
  • Reddit
  • Instapaper
  • Delicious
  • Email
  • Print


security tech news