Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

×
Security

+ - Popular Wordpress Plugin Leaves Sensitive Data in the Open->

Submitted by
chicksdaddy
chicksdaddy writes "A security researcher is warning WordPress uses that a popular plugin may leave sensitive information from their blog accessible from the public Internet with little more than a Google search.

The researcher, Jason A. Donenfeld, who uses the handle “zx2c4” posted a notice about the add-on, W3 Total Cache on the Full Disclosure security mailing list on Sunday, warning that many WordPress blogs that had added the plugin had directories of cached content that could be browsed by anyone with a web browser and the knowledge of where to look. The content of those directories could be downloaded, including directories containing sensitive data like password hashes, Donenfeld wrote.

W3 Total Cache is described as a “performance framework” that speeds up web sites that use the WordPress content management system by caching site content, speeding up page loads, downloads and the like. The plugin has been downloaded 1.39 million times and is used by sites including mashable.com and smashingmagazine.com, according to the WordPress web site."

Link to Original Source
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

Popular Wordpress Plugin Leaves Sensitive Data in the Open

Comments Filter:

Time-sharing is the junk-mail part of the computer business. -- H.R.J. Grosch (attributed)

Working...