An apparent misconfiguration exists in W3 Total Cache (W3TC), a popular plugin for the WordPress blogging platform, that could allow an attacker to browse and download password hashes and other database information. W3 Total Cache (W3TC) is a framework for Wordpress that helps speed up blogs by caching content. Read More ..
Researcher Jason A. Donenfeld first found the issue and publicized it in a post to the Full Disclosure mailing lists on Monday. The problem stems from the way W3TC stores the database cache. Since the plugin stores the cache similarly for each site, if a directory listing is left enabled, anyone can freely browse and download them. Anyone could harvest the site’s database cache keys “and extract ones containing sensitive information, such as password hashes,” according to Donenfeld’s post.