
Dangerous persistent XSS vulnerability found in WP Super Cache

WP Super Cache is an extremely popular caching plugin, which, according to WordPress.org, is active on over a million WordPress sites. The vulnerability has been promptly patched, and if you are running a version lower than 1.4.4, we recommend you upgrade as soon as possible. According to Sucuri:

Using this vulnerability, an attacker using a carefully crafted query could insert malicious scripts to the plugin’s cached file listing page. As this page requires a valid nonce in order to be displayed, a successful exploitation would require the site’s administrator to have a look at that particular section, manually.

When executed, the injected scripts could be used to perform a lot of other things like adding a new administrator account to the site, injecting backdoors by using WordPress theme edition tools, etc.
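To find installs still below the patched 1.4.4 release across many sites, the sketch below walks a hosting root and reads the standard WordPress plugin header of every plugin main file. It is an added example, not code from the plugin or from Sucuri; the directory layout and the file name `main.php` in the demo are constructed sample data.

```python
import os
import re
import tempfile

FIXED = (1, 4, 4)  # first patched release named in the post
# Standard WordPress plugin header fields, found in the file's leading comment.
NAME_RE = re.compile(r"^[ \t/*#@]*Plugin Name:\s*WP Super Cache\s*$", re.M | re.I)
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:\s*([0-9][0-9.]*)", re.M | re.I)

def parse_version(text):
    """Turn '1.4.3' into (1, 4, 3) so that 1.4.10 sorts after 1.4.4."""
    parts = [int(p) for p in text.split(".") if p]
    return tuple(parts + [0] * (3 - len(parts)))

def find_outdated(root):
    """Return sorted (plugin_file, version) pairs older than FIXED under root."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        # Only look in directories that sit directly below a "plugins" folder.
        if os.path.basename(os.path.dirname(dirpath)) != "plugins":
            continue
        for name in files:
            if not name.endswith(".php"):
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                head = fh.read(8192)  # WordPress reads only the first 8 KB for headers
            if not NAME_RE.search(head):
                continue
            m = VERSION_RE.search(head)
            version = m.group(1) if m else "unknown"
            # A missing version header is reported too, so it gets a manual look.
            if m is None or parse_version(version) < FIXED:
                hits.append((path, version))
    return sorted(hits)

def demo():
    """Build a constructed two-site tree (sample data) and scan it."""
    with tempfile.TemporaryDirectory() as root:
        for site, ver in (("site-a", "1.4.3"), ("site-b", "1.4.10")):
            d = os.path.join(root, site, "wp-content", "plugins", "wp-super-cache")
            os.makedirs(d)
            with open(os.path.join(d, "main.php"), "w") as fh:
                fh.write(f"<?php\n/*\nPlugin Name: WP Super Cache\nVersion: {ver}\n*/\n")
        return [(os.path.relpath(p, root), v) for p, v in find_outdated(root)]

if __name__ == "__main__":
    print(demo())
```

The tuple comparison matters: a plain string comparison would rank 1.4.10 below 1.4.4 and flag a patched site.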

 
