Map Labs

Persistent XSS Vulnerability Discovered in WP Super Cache Plugin

Thread starter djbaxter
Start date Apr 8, 2015

More threads by djbaxter

djbaxter

Administrator

Apr 8, 2015

#1

Persistent XSS Vulnerability Discovered in WP Super Cache Plugin
by Sarah Gooding, WordPress Tavern
April 8, 2015

The security team at Sucuri has issued an advisory for WordPress users who have the WP Super Cache plugin activated on their sites. The popular caching plugin contains a dangerous persistent XSS vulnerability that was promptly patched in its 1.4.4 release.

Sucuri ranks the risk as ?Dangerous? with a DREAD score of 8/10. Exploiting the vulnerability is relatively easy for an attacker intent on injecting a backdoor. Sucuri breaks down the technical details of the threat as follows:

Using this vulnerability, an attacker using a carefully crafted query could insert malicious scripts to the plugin?s cached file listing page. As this page requires a valid nonce in order to be displayed, a successful exploitation would require the site?s administrator to have a look at that particular section, manually.

When executed, the injected scripts could be used to perform a lot of other things like adding a new administrator account to the site, injecting backdoors by using WordPress theme edition tools, etc.

Click to expand...

Make certain your plugins are updated to the latest versions!

Read more...

You must log in or register to reply here.

Similar threads

Important WordPress 5.8.3 Security Release

Replies: 0

Views: 3K

Jan 9, 2022

djbaxter

WordPress Sites Targeted in Large-Scale Attacks

Replies: 0

Views: 3K

May 5, 2020

djbaxter

WordPress: Contact Form 7 File Upload Vulnerability

Replies: 0

Views: 4K

Dec 18, 2020

djbaxter

Contact Form 7 Datepicker - High Vulnerability Leads To Plugin Closure

Replies: 1

Views: 4K

Apr 2, 2020

djbaxter

Zero-Day Vulnerability in ThemeREX Addons Plugin

Replies: 0

Views: 2K

Feb 19, 2020

djbaxter

Share:

Facebook X (Twitter) Email Link

Login / Register

Already a member? LOG IN
Not a member yet? REGISTER

Share this page

Facebook X (Twitter) Email Link

LocalU Event

LocalU Webinar

Newest Posts

T
Massive Google Maps failure, business jumped 50 miles away
- Latest: Timur
- Yesterday at 7:10 PM
Google Business Profile (GBP) & Google Maps
S
One GBP Showing Up in Right Hand Panel for High Volume Search
- Latest: SeoSaur
- Yesterday at 5:45 PM
Google Business Profile (GBP) & Google Maps
GBP Direction Requests
- Latest: Tyler Hammer
- Yesterday at 5:36 PM
NAP, Categories, Dashboard Data
How to stop a spammer from taking me down?
- Latest: iseeu
- Yesterday at 4:37 PM
Spam on Google
Using Same Photos for a Brand
- Latest: ElizabethRule
- Yesterday at 4:36 PM
Google Business Profile (GBP) & Google Maps
N
Adding Wine/Beer to Menu
- Latest: NicoleWattam
- Yesterday at 4:35 PM
Google Business Profile (GBP) & Google Maps
Is it possible to move reviews to a different GMB listing?
- Latest: ElizabethRule
- Yesterday at 4:29 PM
Google Business Profile (GBP) & Google Maps

Trending: Most Replies

Trending: Most Viewed

Insane New Spamming Tactic on Google Maps
- Started by JoyHawkins
- Mar 20, 2024
- Views: 7K
Spam on Google
T
Two Google Business Profiles same name, phone number but different addresses. I would like to merge into one but Google has confirmed "no"
- Started by teganmonaco
- Mar 20, 2024
- Views: 6K
Google Duplicates & Merges
P
Spam Fighting? Redressal Form still working?
- Started by Powersupport
- Mar 20, 2024
- Views: 6K
Google Business Profile (GBP) & Google Maps
Can You Get a Review Re-Evaluated?
- Started by Kurt Steinbrueck
- Mar 20, 2024
- Views: 6K
Google Business Profile (GBP) & Google Maps
The Local Search Forum is Now on Reddit!
- Started by JoyHawkins
- Mar 20, 2024
- Views: 6K
LSF News and Announcements

Promoted Posts

New advertising option: A review of your product or service posted by a Sterling Sky employee. This will also be shared on the Sterling Sky & LSF Twitter accounts, our Facebook group, LinkedIn, and both newsletters. More...

Local Search Pros Facebook

This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
By continuing to use this site, you are consenting to our use of cookies.

Accept Learn more…

Top Bottom