The Website security company Sucuri has found some serious vulnerabilities in the two most popular WordPress Plugins and issued a warning to the entire WordPress user community to update them as soon as possible.
The two Plugins namely WP Super Cache and W3TC are found susceptible to a very serious vulnerability – remote code execution (RCE), a.k.a., arbitrary code execution.
The website security expert commented that this issue was reported last month by few users but publishers issued a patch disabling the vulnerable function by default. Considering the widespread usage of these two plugins which comes somewhere close to 6 million downloads makes it a big concern.
The comment friendly WordPress sites are more vulnerable.
Plugin developers have acted quickly and recent updates are available for download. WordPress users can download the updated versions from Plugin Repository:
WP Super Cache
W3TC Total Cache
Thanks to Sucuri and both Plugin Publishers for bring-up this matter and fixing the issue so quickly.
You can read more about the issue here and some ref here