If you utilize caching for your WordPress blog(s) then your sites may be vulnerable to attack.
Sucuri recently announced vulnerabilities in the extremely popular W3 Total Cache and WP Super Cache plugins in which a hacker can execute code on your site without requiring direct access to the backend.
This is a very serious vulnerability, so if you use either plugin you should (1) check that you site hasn’t been compromised and (2) upgrade your plugins immediately.
The check is really simple — just enter the following into the comments form on one of your blog posts:
<!–mfunc echo PHP_VERSION; –><!–/mfunc–>
If a version number (e.g. 5.2.17) is displayed in place of the above code when you submit the comment, your site has been compromised. You should immediately upgrade your plugins — we strongly advise that you take advantage of ManageWP’s one-click update feature so that the plugins across all of your sites can be upgraded immediately.
Please take action now to prevent your site from being yet another victim of the recent swathe of hacks!
On a related note, praise should go to the developers of both caching plugins for releasing patches so quickly that eliminated the vulnerability. Thank you guys!