Discovered by Jason Donenfeld and reported through a mailer, the flaw affects the W3TC plug-in which is used to cache content on the blogging platform to decrease response times and increase loading speeds.
The researcher claims that data stored in cache directory can be recursively downloaded that may eventually lead to download of sensitive data like password hashes and database cache keys. “Directory listings were enabled on the cache directory, which means anyone could easily recursively download all the database cache keys, and extract ones containing sensitive information, such as password hashes”, notes Donenfeld.
Even in case where directory listing is not enabled, cache files are available for download publicly “and the key values / file names of the database cache items are easily predictable.”
Multiple versions of WordPress are reportedly vulnerable. The plug-in creator has said that the security hole will be closed soon but, until then it is recommended that the plug-in be disabled to be on the safer side.
