A vulnerability recently discovered in WP-Super-Cache could put millions of websites at risk.
The WordPress plugin WP-Super-Cache generates static HTML files from dynamic WordPress blogs. The vulnerability allows attackers to insert malicious code into WordPress pages that use the extension.
Security firm Sucuri commented:
Using this vulnerability, an attacker using a carefully crafted query could insert malicious scripts to the plugin’s cached file listing page. As this page requires a valid nonce in order to be displayed, a successful exploitation would require the site’s administrator to have a look at that particular section, manually.
When executed, the injected scripts could be used to perform a lot of other things like adding a new administrator account to the site, injecting backdoors by using WordPress theme edition tools, etc.
So, if you’re using a vulnerable version of this plugin, update as soon as possible. Here’s the link to the new version.
If you need more information, contact a Reconnix Consultant on 08454210444 or email us at info@reconnix.com to see how we can help.