addressalign-toparrow-leftarrow-rightbackbellblockcalendarcameraccwcheckchevron-downchevron-leftchevron-rightchevron-small-downchevron-small-leftchevron-small-rightchevron-small-upchevron-upcircle-with-checkcircle-with-crosscircle-with-pluscontroller-playcrossdots-three-verticaleditemptyheartexporteye-with-lineeyefacebookfolderfullheartglobegmailgooglegroupshelp-with-circleimageimagesinstagramFill 1linklocation-pinm-swarmSearchmailmessagesminusmoremuplabelShape 3 + Rectangle 1ShapeoutlookpersonJoin Group on CardStartprice-ribbonprintShapeShapeShapeShapeImported LayersImported LayersImported Layersshieldstartickettrashtriangle-downtriangle-uptwitteruserwarningyahoo

Re: [wordpress-195] W3 Total Cache Plugin

From: user 1.
Sent on: Thursday, December 27, 2012 1:02 PM
Sounds like the vulnerability depends on directory listing being enabled - your site appears ok : http://evelurie.com/img/

On Thu, Dec 27, 2012 at 12:16 PM, eve lurie <[address removed]> wrote:
Hi all,
a co-worker has sent me this. 
should i remove the plugin?

"A security researcher is warning WordPress users that a popular plugin may leave sensitive information from their blog accessible from the public Internet with little more than a Google search. The researcher, Jason A. Donenfeld, who uses the handle 'zx2c4' posted a notice about the add-on, W3 Total Cache on the Full Disclosure security mailing list on Sunday, warning that many WordPress blogs that had added the plugin had directories of cached content that could be browsed by anyone with a web browser and the knowledge of where to look. The content of those directories could be downloaded, including directories containing sensitive data like password hashes, Donenfeld wrote. W3 Total Cache is described as a 'performance framework' that speeds up web sites that use the WordPress content management system by caching site content, speeding up page loads, downloads and the like. The plugin has been downloaded 1.39 million times and is used by sites including mashable.com and smashingmagazine.com, according to the WordPress web site."

All the best,
-----------
eve lurie
web design










--
Please Note: If you hit "REPLY", your message will be sent to everyone on this mailing list ([address removed])
This message was sent by Anca ([address removed]) from The East Bay WordPress Meetup Group.
To learn more about Anca, visit his/her member profile
Set my mailing list to email me As they are sent | In one daily email | Don't send me mailing list messages

Meetup, PO Box 4668 #37895 New York, New York[masked] | [address removed]





--
Please Note: If you hit "REPLY", your message will be sent to everyone on this mailing list ([address removed])
This message was sent by eve lurie ([address removed]) from The East Bay WordPress Meetup Group.
To learn more about eve lurie, visit his/her member profile
Set my mailing list to email me As they are sent | In one daily email | Don't send me mailing list messages

Meetup, PO Box 4668 #37895 New York, New York[masked] | [address removed]



--
/* daniel c. || [address removed] */

Our Sponsors

  • Page.ly

    Pagely provides hosting for our new EastBayWP.com site

  • Tech Liminal

    TechLiminal provides our awesome meeting space

  • O'Reilly Media

    Discount codes for O'Reilly books, e-books, training.

  • A2 Hosting

    A2 Hosting has kindly offered to pay for our pizza on an ongoing basis.

  • WP Shout

    October 2015 giveaway of Up and Running with WP, plus discount codes.

  • Wheepl

    Wheepl is sponsoring the November 2015 Meetup

  • Beaver Builder

    December 2015 license giveaway and swag.

  • Modern Tribe

    Modern Tribe is providing pizza and swag for the July 2015 Meetup.

People in this
Meetup are also in:

Sign up

Meetup members, Log in

By clicking "Sign up" or "Sign up using Facebook", you confirm that you accept our Terms of Service & Privacy Policy