Millions of WordPress Websites are Under Threat :: Persistent XSS in WP-Super-Cache

 

Millions of WordPress Websites are Under Threat :: Persistent XSS in WP-Super-Cache

Sucuri has released a security advisory stating a very critical persistent Cross-site scripting (XSS) Vulnerability in WP-Super Cache plugin. Sucuri has flagged this vulnerability as Dangerous (Score: 8/10) with very easy exploitation level.

According to WordPress.org, WP-Super Cache plugin is the most popular plugin used by millions of WordPress websites. The latest version of WP-Super Cache plugin 1.4.4 has fixed this critical security issue and several other bugs.

What are the risks involved?

An attackers can exploit this vulnerability by creating specially crafted queries and use them to insert malicious scripts to the WP-Super Cache plugin’s cached file listing page.

When these malicious scripts are executed, it could be used to inject back-doors using WordPress theme edition tools. It also allows attackers to add new administrator accounts. If you’re using a vulnerable version of this plugin, you should update it soonest possible.

(Visited 6 times, 1 visits today)

Leave a Reply

Your email address will not be published. Required fields are marked *

AlphaOmega Captcha Classica  –  Enter Security Code
     
 

Sign up for a News Letter Click here to sign up