via blog.cloudflare.com => original post link
The team at the research firm Sucuri announced a serious vulnerability to W3TC and WP Super Cache this afternoon. (Update: it appears the vulnerability was first reported on WordPress.org about a month ago.) The vulnerability allows remote PHP code to be executed locally on a server for anyone running either of the two most popular WordPress caching plugins. This is a serious vulnerability as it could allow an attacker to execute code on your server.
Here are the versions of each plugin that are vulnerable:
W3 Total Cache (version 0.9.2.8 and below are vulnerable,