Millions of WordPress Websites are Under Threat :: Persistent XSS in WP-Super-Cache

 

Millions of WordPress Websites are Under Threat :: Persistent XSS in WP-Super-Cache

Sucuri has released a security advisory stating a very critical persistent Cross-site scripting (XSS) Vulnerability in WP-Super Cache plugin. Sucuri has flagged this vulnerability as Dangerous (Score: 8/10) with very easy exploitation level.

According to WordPress.org, WP-Super Cache plugin is the most popular plugin used by millions of WordPress websites. The latest version of WP-Super Cache plugin 1.4.4 has fixed this critical security issue and several other bugs.

What are the risks involved?

An attackers can exploit this vulnerability by creating specially crafted queries and use them to insert malicious scripts to the WP-Super Cache plugin’s cached file listing page.

When these malicious scripts are executed, it could be used to inject back-doors using WordPress theme edition tools. It also allows attackers to add new administrator accounts. If you’re using a vulnerable version of this plugin, you should update it soonest possible.

Rahul Vaghasia

Rahul Vaghasia

Rahul is CEO at AccuWebHosting.com. He shares his web hosting insights at AccuWebHosting blog. He mostly writes on the latest web hosting trends, WordPress, storage technologies, Windows and Linux hosting platforms.
Rahul Vaghasia
(Visited 83 times, 1 visits today)

Leave a Reply

AlphaOmega Captcha Classica  –  Enter Security Code
captcha      
 

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Sign up for a News Letter Click here to sign up