Sucuri has released a security advisory describing a very critical persistent cross-site scripting (XSS) vulnerability in the WP-Super Cache plugin. Sucuri has flagged this vulnerability as Dangerous (score: 8/10), with a very easy exploitation level.
According to WordPress.org, the WP-Super Cache plugin is the most popular plugin used by millions of WordPress websites. The latest version of the WP-Super Cache plugin, 1.4.4, fixes this critical security issue and several other bugs.
What are the risks involved?
An attacker can exploit this vulnerability by creating specially crafted queries and using them to insert malicious scripts into the WP-Super Cache plugin’s cached file listing page.
When these malicious scripts are executed, they could be used to inject backdoors using WordPress theme editing tools. They also allow attackers to add new administrator accounts. If you’re using a vulnerable version of this plugin, you should update it as soon as possible.
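To find out whether an installation still needs the update, the following added example (not code from Sucuri or the plugin authors) reads the plugin header on disk and compares its version against 1.4.4. It assumes the default plugin path `wp-content/plugins/wp-super-cache/wp-cache.php`; the sample header is constructed for illustration.

```python
import re
import sys
from pathlib import Path

FIXED_VERSION = "1.4.4"  # release that fixes the issue, per the text above
# Assumption: default install location and main plugin file name.
PLUGIN_MAIN = Path("wp-content/plugins/wp-super-cache/wp-cache.php")

# Constructed sample of a WordPress plugin header comment.
SAMPLE_HEADER = """<?php
/*
Plugin Name: WP Super Cache
Version: 1.4.2
*/
"""

def parse_plugin_version(header_text):
    """Return the 'Version:' value from a plugin header, or None if absent."""
    m = re.search(r"^[ \t/*#@]*Version:\s*([0-9][0-9A-Za-z.\-]*)",
                  header_text, re.M | re.I)
    return m.group(1) if m else None

def version_key(version):
    """Turn '1.4.10' into (1, 4, 10) so the comparison is numeric, not lexical."""
    parts = [int(p) for p in re.findall(r"\d+", version)]
    while parts and parts[-1] == 0:   # treat 1.4.4.0 the same as 1.4.4
        parts.pop()
    return tuple(parts)

def needs_update(version):
    """True when the installed version is older than the fixed release."""
    return version_key(version) < version_key(FIXED_VERSION)

def check_site(wp_root):
    """Classify one WordPress root: not-installed, unknown, needs-update, ok."""
    main = Path(wp_root) / PLUGIN_MAIN
    if not main.is_file():
        return "not-installed"
    # WordPress itself only reads the first 8 KB of a file for header data.
    with open(main, "r", encoding="utf-8", errors="replace") as fh:
        version = parse_plugin_version(fh.read(8192))
    if version is None:
        return "unknown"
    return "needs-update" if needs_update(version) else "ok"

if __name__ == "__main__":
    for root in sys.argv[1:]:
        print(f"{root}: {check_site(root)}")
```

Run it with one or more WordPress root directories as arguments; a result of `unknown` means the header could not be parsed and the version should be checked by hand.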