These are two of the highest ranked WordPress plugins in terms of number of installations and are certainly the highest with regard to caching functionality. Both however have recently been disclosed as having severe security related vulnerabilities – namely a Remote Code Execution vulnerability which would allow any attacker to run commands of the attacker’s choice on a target machine.
All WordPress users should of course be immediately upgrading their sites to the latest WordPress core version and also upgrading each and every plugin as soon as they are released so we are sure that nobody out there is running old versions of these plugins (!!) However, as W3TC is one of our recommended plugins for WordPress users hosted on our servers, we will as a precaution, shortly be emailing each user with a current hosting account to re-enforce this.
This should serve as yet another reminder to keep all installed software completely up to date – especially in light of this month’s worldwide distributed attack against WordPress sites