There have been a few security announcements recently for popular software products in the web hosting world:

  • Popular web host billing software WHMCS announced a security advisory on April 23rd with a critical update needed to most currently used versions of its product
  • WordPress plugin W3 Total Cache released version 0.9.2.9 on April 17, all previous versions are vulnerable to a remote code execution exploit.  This is actually a new exploit, not to be confused with a previously discovered remote data leak exploit in W3 Total Cache versions back in December 2012.
  • A similar WordPress plugin WP Super Cache released version 1.3 to address the remote code execution vulnerability, all previous versions should be upgraded ASAP.

 

For in-depth information about the WordPress cache plugins vulnerability, check out this great debrief posted by Belgian software developer and WordPress enthusiast Frank Goossens.

Anyone who has ever installed these software packages is urged to check their versions as soon as possible.  As always, any current customers who would like help with these updates should open a support ticket for free assistance.