

Merry Christmas, now go patch your Wordpress installation - zx2c4
http://seclists.org/fulldisclosure/2012/Dec/242

======
zx2c4
Exploit: <http://git.zx2c4.com/w3-total-fail/tree/w3-total-fail.sh>

Screencast: <http://git.zx2c4.com/w3-total-fail/plain/screencast.ogv>

------
groobque
I can confirm the issue. My install was vulnerable. If you don't want to
disable W3, then just add

    
    
      deny from all
    

In wp-content/w3tc/dbcache/.htaccess.

