ThreatPress

WordPress Vulnerabilities Database

Back

WordPress W3 Total Cache plugin <= 0.9.2.8 - PHP Code Execution vulnerability

Product
W3 Total Cache
Description
W3 Total Cache plugin is prone to a PHP code execution vulnerability because of the handling of certain macros such as "mfunc" that allows arbitrary PHP code injection.
Solution
Update the WordPress W3 Total Cache plugin to the latest available version (at least 0.9.2.9).
Classification
Type Arbitrary Code Execution
References
Exploit-DB
Packet Storm
CVE
Name CVE- 2013-2010
Versions
Affected In <= 0.9.2.8
Fixed In 0.9.2.9
Disclosure date
2013-05-01
Credits
metasploit
Submitter
ThreatPress