From Bitdefender's "HOTforSecurity" Blog:
A severe bug that allows access to users' password hashes has been discovered in a third-party plugin for the highly popular WordPress content management system. The flaw resides in the W3 Total Cache plugin, an extension that helps high-traffic sites increase their performance by caching static pages, among others.
According to SecLists poster Jason Donenfield, the W3 Total Cache folder allows directory listings in its default configuration. This allows anyone to take a peek at the contents of the /wp-content/w3tc folder and look for anything they may find interesting - in this case, cache files that hold usernames and their corresponding hashed passwords.
"Even with directory listings off, cache files are by default publicly downloadable, and the key values / file names of the database cache items are easily predictable. Again, it seems odd that 'deny from all' isn't added to the .htaccess file. Maybe it's documented somewhere that you should secure your directories, or maybe it isn't; I'm not sure," wrote Donenfield.
Continued: http://www.hotforsecurity.com/blog/caching-plugin-poses-serious-security-threat-for-large-wordpress-sites-4920.html
WordPress W3 Total Cache Misconfiguration Leaves Some Blogs Vulnerable
New WordPress vuln emerges
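A site owner can check their own install for the condition Donenfield describes (no "deny from all" covering /wp-content/w3tc) with a local filesystem audit. The script below is an added example, not code from the blog post or the plugin; the function names are hypothetical, the sample trees are constructed, and it assumes an Apache server that honours .htaccess files. It is a heuristic: it does not evaluate rules inherited from parent directories or the main server configuration.

```python
import os
import re
import tempfile

# Directives that block all web access (Apache 2.2 and 2.4 syntax).
DENY_ALL = re.compile(r"^\s*(deny\s+from\s+all|require\s+all\s+denied)\s*$", re.I | re.M)
# Directive that turns off automatic directory listings.
NO_INDEX = re.compile(r"^\s*options\b.*-indexes\b", re.I | re.M)

def audit_cache_dir(wp_root, rel_dir="wp-content/w3tc"):
    """Return a list of findings for the cache directory under wp_root."""
    cache_dir = os.path.join(wp_root, *rel_dir.split("/"))
    if not os.path.isdir(cache_dir):
        return ["cache directory not present"]
    findings, text = [], ""
    htaccess = os.path.join(cache_dir, ".htaccess")
    if os.path.isfile(htaccess):
        with open(htaccess, encoding="utf-8", errors="replace") as fh:
            # Drop comment lines so a commented-out directive does not count.
            text = "\n".join(l for l in fh.read().splitlines() if not l.lstrip().startswith("#"))
    else:
        findings.append("no .htaccess in cache directory")
    if not DENY_ALL.search(text):
        findings.append("cache files are web-readable (no deny-all rule)")
        if not NO_INDEX.search(text):
            findings.append("directory listing not disabled here")
    return findings

def demo():
    """Constructed sample: one unprotected tree and one protected tree."""
    results = {}
    for name, rules in (("default", None), ("hardened", "Options -Indexes\nDeny from all\n")):
        root = tempfile.mkdtemp()
        cache = os.path.join(root, "wp-content", "w3tc")
        os.makedirs(cache)
        if rules is not None:
            with open(os.path.join(cache, ".htaccess"), "w") as fh:
                fh.write(rules)
        results[name] = audit_cache_dir(root)
    return results

if __name__ == "__main__":
    for name, findings in demo().items():
        print(name, findings or "ok")
```

An empty findings list means the directory itself carries a deny-all rule; any other result means the cache files should be treated as reachable until the server configuration is checked.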