Tony Perez over at Sucuri shared yesterday a significant vulnerability affecting some of the most widely used WordPress plugins, which also happen to be the top caching plugins for WordPress.
If you're a fan and a user of WP Super Cache or W3 Total Cache, then this update is for you! There's an RCE (Remote Code Execution) vulnerability in these plugins that allows an attacker to execute code on the blog directly.
To test whether you're vulnerable, or whether you've already been impacted, copy the following line into a comment on your blog:
<!--mfunc echo PHP_VERSION; --><!--/mfunc-->
If the result is anything other than exactly what's written there, and instead you see something like 5.2.17 (your PHP version), then you've been hit!
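The same marker can be searched for in bulk. As an added example (not from the original post or from either plugin), here is a small Python scanner that flags stored comments carrying an mfunc tag; the comment records are constructed sample data standing in for what you would pull from the wp_comments table.

```python
import re

# Matches the dynamic-content tag the caching plugins interpret, tolerating
# extra whitespace, newlines and mixed case. Only real "--" hyphens count:
# the en-dashes some blogs render would not be parsed by the cache layer.
MFUNC_RE = re.compile(r"<!--\s*mfunc\b(?P<body>.*?)-->", re.IGNORECASE | re.DOTALL)


def find_mfunc_tags(text):
    """Return the PHP bodies of every <!--mfunc ...--> tag found in text."""
    return [m.group("body").strip() for m in MFUNC_RE.finditer(text)]


def scan_comments(comments):
    """Flag comments that carry an mfunc tag.

    comments: iterable of dicts with 'id', 'author' and 'content' keys
    (a constructed shape; adapt it to however you export wp_comments).
    Returns a list of (comment id, [tag bodies]) for every hit.
    """
    flagged = []
    for c in comments:
        bodies = find_mfunc_tags(c["content"])
        if bodies:
            flagged.append((c["id"], bodies))
    return flagged


# Constructed sample records: one clean comment, the probe from the post,
# and a tag written with odd casing and line breaks to show the scanner copes.
SAMPLE_COMMENTS = [
    {"id": 101, "author": "reader", "content": "Great write-up, thanks!"},
    {"id": 102, "author": "anon",
     "content": "nice <!--mfunc echo PHP_VERSION; --><!--/mfunc--> post"},
    {"id": 103, "author": "anon",
     "content": "<!-- MFUNC\n  phpinfo();\n--><!--/mfunc-->"},
]

if __name__ == "__main__":
    for comment_id, bodies in scan_comments(SAMPLE_COMMENTS):
        print(f"comment {comment_id}: {bodies}")
```

Any hit is worth treating as an attempted or successful exploitation, whether or not the cache layer actually executed it.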
If you have been infected, do what Ryan Hellyer has suggested here:
Restore from backup, then manually add back in any comments or posts which may have been added since your last backup. Make sure you update the plugin before pushing the changes live, or you risk being hacked again before you have a chance to upgrade the plugin.
Thanks for the catch, Sucuri, and make sure you block out part of your day for updating your sites (and your clients' sites!).