Dangerous persistent XSS vulnerability found in WP Super Cache

WP Super Cache is an extremely popular caching plugin, which according to WordPress.org is active on over a million WordPress sites. The vulnerability has been promptly patched, and if you are running a version lower than 1.4.4 we recommend you upgrade as soon as possible. According to Sucuri:

Using this vulnerability, an attacker using a carefully crafted query could insert malicious scripts to the plugin’s cached file listing page. As this page requires a valid nonce in order to be displayed, a successful exploitation would require the site’s administrator to have a look at that particular section, manually.

When executed, the injected scripts could be used to perform a lot of other things like adding a new administrator account to the site, injecting backdoors by using WordPress theme edition tools, etc.