Both of these are highly popular plugins used to make sites faster and more in line with Google’s upcoming page experience update.
Many hosting providers recommend both plugins to help with page speed, and more than six million people use both on their WordPress sites.
The Vulnerability is Known as Remote Code Execution
This new vulnerability falls under the category of remote code execution, and what makes it so serious is that it affects every single WordPress installation that has blog comments enabled.
The user Kisscsaby first reported it on the official WordPress forum.
What is Remote Code Execution?
Science Direct explains remote code execution as follows:
Example of the Exploit
Netsparker.com shares an example of the code evaluation exploit in question:
Patch Issued for WP Super Cache; Update Immediately
In response to this threat, the developer of the WP Super Cache plugin has released a patch and advises all users to immediately update their plugin to version 1.7.2.
Be sure to download the update so you can restore your site’s security as quickly as humanly possible.
At the time of writing, though, there is no word from W3 Total Cache regarding updates or patches. If you’re one of the plugin’s many users, be aware that it could be putting your site at risk until the vulnerability is fixed.
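One way to check whether an install already runs the fixed WP Super Cache release (1.7.2) is to read the plugin's header from disk. This is an added example, not code from the article or the plugin's developers. It assumes the default `wp-content/plugins/wp-super-cache` location and the standard WordPress plugin header; the function names and the demo install are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

PATCHED = "1.7.2"  # fixed WP Super Cache release named in the article

def header_version(plugin_dir):
    """Return the Version: value from the WordPress plugin header, or None."""
    for php in sorted(Path(plugin_dir).glob("*.php")):
        # WordPress itself only reads the first 8 KB of a file for header data.
        head = php.read_text(encoding="utf-8", errors="replace")[:8192]
        if not re.search(r"^[ \t/*#@]*Plugin Name:", head, re.M | re.I):
            continue  # not the main plugin file
        m = re.search(r"^[ \t/*#@]*Version:\s*(\S+)", head, re.M | re.I)
        if m:
            return m.group(1)
    return None

def as_tuple(version):
    """Numeric components only, so 1.7.10 sorts above 1.7.2."""
    return tuple(int(n) for n in re.findall(r"\d+", version))

def audit(wp_root, slug="wp-super-cache", patched=PATCHED):
    """Return (status, version) for one WordPress install (default layout assumed)."""
    plugin_dir = Path(wp_root) / "wp-content" / "plugins" / slug
    if not plugin_dir.is_dir():
        return ("not-installed", None)
    version = header_version(plugin_dir)
    if version is None:
        return ("unknown", None)  # header missing or unreadable: inspect manually
    ok = as_tuple(version) >= as_tuple(patched)
    return ("patched" if ok else "needs-update", version)

def make_demo_install(root, version):
    """Build a constructed plugin directory so the check can run offline."""
    d = Path(root) / "wp-content" / "plugins" / "wp-super-cache"
    d.mkdir(parents=True)
    (d / "plugin.php").write_text(
        "<?php\n/*\n * Plugin Name: WP Super Cache\n * Version: %s\n */\n" % version,
        encoding="utf-8")

if __name__ == "__main__":
    for v in ("1.7.1", "1.7.2", "1.7.10"):  # constructed sample versions
        with tempfile.TemporaryDirectory() as root:
            make_demo_install(root, v)
            print(v, audit(root))
```

Point `audit()` at each site's document root; a result of `needs-update` means the install is older than 1.7.2.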