The vulnerability was registered on March 2. It affects installations that use PHP-FPM with Zend OPcache: a user of one subscription can include PHP files belonging to another subscription's user and read the values of sensitive variables. An application's database credentials (e.g. WordPress) can be compromised. Often, the full subscription can be compromised.
PHP 7 prior to version 7.0.14 and PHP 5 prior to version 5.6.29 are vulnerable. The older versions are vulnerable too by default, unless opcache.validate_permission is enabled.
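The following check is an added example, not part of the original advisory or of PHP itself: it classifies a PHP build from php -i style output using the version thresholds and the opcache.validate_permission directive named above. The "directive => local => master" input layout, the status names, and the treatment of pre-threshold releases as not honouring the directive are assumptions.

```python
import re

# Thresholds named in the advisory: PHP 7 prior to 7.0.14, PHP 5 prior to 5.6.29.
FIXED = {7: (7, 0, 14), 5: (5, 6, 29)}
ON = {"on", "1", "true", "yes"}

def parse_info(text):
    """Extract (version tuple, {opcache directive: local value}) from `php -i` style text."""
    version, directives = None, {}
    for line in text.splitlines():
        parts = [p.strip() for p in line.split("=>")]
        if len(parts) < 2:
            continue
        if parts[0] == "PHP Version" and version is None:
            m = re.match(r"(\d+)\.(\d+)\.(\d+)", parts[1])
            if m:
                # Integer tuples compare correctly: (7, 0, 9) < (7, 0, 14).
                version = tuple(int(x) for x in m.groups())
        elif parts[0].startswith("opcache."):
            directives[parts[0]] = parts[1].lower()  # local value comes before master
    return version, directives

def assess(text):
    """Classify one PHP build/config against the conditions stated in the advisory."""
    version, d = parse_info(text)
    if version is None:
        return "unknown"
    if d.get("opcache.enable") not in ON:
        return "not-affected"        # OPcache absent or disabled
    threshold = FIXED.get(version[0])
    if threshold and version < threshold:
        return "vulnerable-version"  # assumption: the directive is not honoured here
    if d.get("opcache.validate_permission") in ON:
        return "mitigated"
    return "exposed-by-default"      # directive left at its default (off)

# Constructed sample input, not captured from a real host.
SAMPLE = """PHP Version => 7.0.9
opcache.enable => On => On
opcache.validate_permission => Off => Off
"""

if __name__ == "__main__":
    print(assess(SAMPLE))
```

CLI output does not reflect per-pool overrides set in the PHP-FPM pool files, so review those files as well.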
For more information, please refer to the following resources:
Vulnerability Summary for CVE-2015-8994 - NIST publication
This issue is fixed in:
As a temporary workaround for the issue, go to Websites & Domains > PHP Settings and set
Please also note that such a change can decrease server performance.