Computers on Focus - Online Security Guide

05 December 2024

WP-Super-Cache’s Glitch Could Affect Over 1 Million Sites (2019)

The WP-Super-Cache plugin has a cross-site scripting (XSS) vulnerability that could enable an attacker to gain full access to and control of the compromised website.

What Is WP-Super-Cache for?

WP-Super-Cache is a plugin that “generates static html files from your dynamic WordPress blog. After an html file is generated, your webserver will serve that file instead of processing the comparatively heavier and more expensive WordPress PHP scripts.”

99% of your visitors will be served static html files, and those who are not will still benefit, because they will be served cached files, although these might be of slightly lower quality. In addition, the plugin will take care of your website’s front page appearance on various social networking websites.

So far, WP-Super-Cache has:

  • Over 1 million installations
  • Over 7 million downloads
  • Over 4,000 daily downloads

The Glitch – Cross-Site Scripting (XSS) Vulnerability

Sucuri, a security services company that detects unauthorized changes to websites, DNS, Whois, SSL and more, reported a remotely exploitable vulnerability to the plugin developers. The developers, in turn, have just released version 1.4.4, which promises to have repaired the problem.

According to Sucuri, the vulnerability has a severity score of 8 out of 10. And although the repaired version has been released, there are still users running previous builds that contain the glitch, which makes them an easy target for attackers.

Exploiting the glitch can include adding a new admin account to the website. The glitch is caused by improper sanitization of user information.
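Since sites still running builds older than 1.4.4 remain exposed, the following added example (not code from the article, Sucuri or the plugin) shows one way to flag them from the plugin's header comment. It assumes the standard WordPress plugin header with a `Version:` field; the sample headers and site names are constructed, and locating the plugin's main file is left to the caller.

```python
import re

FIXED = (1, 4, 4)  # repaired release named in the article

# Matches "Plugin Name: ..." / "Version: ..." lines inside a PHP header comment.
HEADER_RE = re.compile(
    r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t\r]*$", re.I | re.M)

def parse_header(php_source):
    """Return header fields (lower-cased keys) found near the top of the file."""
    fields = {}
    for key, value in HEADER_RE.findall(php_source[:8192]):
        fields.setdefault(key.lower(), value)  # first occurrence wins
    return fields

def version_tuple(text):
    """'1.4.10' -> (1, 4, 10), '1.4' -> (1, 4, 0); None if not dotted digits."""
    if not text or not re.fullmatch(r"\d+(\.\d+)*", text):
        return None
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def assess(php_source):
    """Classify one plugin file as 'vulnerable', 'patched' or 'unknown'."""
    ver = version_tuple(parse_header(php_source).get("version"))
    if ver is None:
        return "unknown"  # no usable version: needs manual review
    # Numeric comparison: as plain strings, "1.4.10" would sort before "1.4.4".
    return "vulnerable" if ver < FIXED else "patched"

# Constructed sample headers keyed by hypothetical site names.
SAMPLES = {
    "site-a": "<?php\n/*\nPlugin Name: WP Super Cache\nVersion: 1.4.2\n*/\n",
    "site-b": "<?php\n/*\n * Plugin Name: WP Super Cache\n * Version: 1.4.4\r\n */\n",
    "site-c": "<?php\n/*\nPlugin Name: WP Super Cache\nVersion: 1.4.10\n*/\n",
    "site-d": "<?php\n/*\nPlugin Name: WP Super Cache\nVersion: 1.4\n*/\n",
    "site-e": "<?php\n// header stripped by a deployment step\n",
}

def audit(samples):
    """Map each site name to its assessment."""
    return {site: assess(src) for site, src in samples.items()}

if __name__ == "__main__":
    for site, status in audit(SAMPLES).items():
        print(f"{site}: {status}")
```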
