Dangerous persistent XSS vulnerability found in WP Super Cache
WP Super Cache is an extremely popular caching plugin which, according to WordPress.org, is active on over a million WordPress sites. The vulnerability has been promptly patched; if you are running a version lower than 1.4.4, we recommend you upgrade as soon as possible. According to Sucuri:
Using this vulnerability, an attacker using a carefully crafted query could insert malicious scripts into the plugin’s cached file listing page. As this page requires a valid nonce in order to be displayed, a successful exploitation would require the site’s administrator to have a look at that particular section, manually.
When executed, the injected scripts could be used to perform a lot of other things like adding a new administrator account to the site, injecting backdoors by using WordPress theme edition tools, etc.