W3 Total Cache PHP Code Injection | WordPress.org

Resolved melparker
(@melparker)

2 years, 9 months ago

Hi,

I read at https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-w3-total-cache-php-code-injection-0-9-2-8/ that

WordPress Plugin W3 Total Cache is prone to a vulnerability that lets remote attackers inject and execute arbitrary code because the application fails to sanitize user-supplied input. Attackers can exploit this issue to execute arbitrary PHP code within the context of the affected webserver process.

Remediation: Update to plugin version 0.9.2.9 or latest

Has this issue been fixed? I have version Version 2.3.2 now.

Thanks

Viewing 3 replies - 1 through 3 (of 3 total)

Plugin Contributor Marko Vasiljevic
(@vmarko)

2 years, 9 months ago

Hello @melparker

Thank you for your question and I am happy to help!

The version that is mentioned in this article 0.9.2.8 is very old. Since then we have implemented a lot of fixes and updates, and also the security measures.

This was fixed a long time ago and you don’t have to worry about this.

Thanks!

Thread Starter melparker
(@melparker)

2 years, 9 months ago

Great, thanks!

Plugin Contributor Marko Vasiljevic
(@vmarko)

2 years, 9 months ago

Hello @melparker

You are most welcome!

We would really appreciate it if you could take a minute and post a review here. This will help us to continue offering a top-notch product to users.
Thanks!

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘W3 Total Cache PHP Code Injection’ is closed to new replies.

3 replies
2 participants
Last reply from: Marko Vasiljevic
Last activity: 2 years, 9 months ago
Status: resolved