On Christmas Eve, knowledge of a rather serious security hole for Wordpress was released.
However, no official patch has been provided yet, even in the most up-to-date version.
To combat this, go to the wp-content directory of every WordPress
install you may have that has this plugin installed, and create a file
named .htaccess in the w3tc directory there:
[Wordpress installation directory]
and in this .htaccess file, add the lines:
Deny from all
This will prevent outside access to the directory containing sensitive
information. Alternatively, you may also want to configure W3TC to
disallow cache directory listings.
As always, please be sure to update any WordPress installs and plugins
you may have installed. This is a responsibility that we have of our
customers (as it’s simply not feasible for us to be in control of this),
and should be a quick and easy process to do.