Persistent XSS Vulnerability Discovered in WP Super Cache Plugin


djbaxter

Persistent XSS Vulnerability Discovered in WP Super Cache Plugin
by Sarah Gooding, WordPress Tavern
April 8, 2015

The security team at Sucuri has issued an advisory for WordPress users who have the WP Super Cache plugin activated on their sites. The popular caching plugin contains a dangerous persistent XSS vulnerability that was promptly patched in its 1.4.4 release.


Sucuri ranks the risk as "Dangerous" with a DREAD score of 8/10. Exploiting the vulnerability is relatively easy for an attacker intent on injecting a backdoor. Sucuri breaks down the technical details of the threat as follows:

Using this vulnerability, an attacker using a carefully crafted query could insert malicious scripts to the plugin's cached file listing page. As this page requires a valid nonce in order to be displayed, a successful exploitation would require the site's administrator to have a look at that particular section, manually.

When executed, the injected scripts could be used to perform a lot of other things like adding a new administrator account to the site, injecting backdoors by using WordPress theme edition tools, etc.
Make certain your plugins are updated to the latest versions!
