Wordpress W3 Total Cache PHP Remote Code Execution Exploit

This module exploits a vulnerability in W3 Total Cache plugin for Wordpress. Certain macros such as mfunc allow to inject PHP code into comments. By injecting a crafted comment into a valid post an attacker can execute arbitrary PHP code on systems running vulnerable installations of W3 Total Cache.
Exploit type: 
Platform: 
Vulnerabilty ID: 
CVE-2013-2010
Product Version: 
2013 R1
Released Date: 
Thursday, June 6, 2013 - 00:00