WP Super Cache Cross-Site Scripting Vulnerability
WP Super Cache, a WordPress plugin, has been reported to contain a persistent Cross-Site Scripting (XSS) vulnerability. All WordPress users who are using this plugin are strongly advised to update as soon as possible.
WP Super Cache is one of the most popular WordPress plugins, with more than 1 million active installs.
The vulnerability affects all versions prior to 1.4.4. All WordPress and WP Super Cache users are advised to update the plugin to the most recent version immediately to avoid possible attacks.
What are the risks?
The vulnerability allows an attacker to add new scripts to the plugin’s cached file listing page. When executed, the scripts could be used for malicious actions such as adding new administrator accounts to the site or injecting backdoors through the WordPress theme editing tools, and more.
Also, in old versions of WP Super Cache, user-supplied data was appended to the page contents. To avoid this, again, please update your WP Super Cache plugin to version 1.4.4.
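To check an install against the fixed version named above, the following added example (not code from the plugin or from this advisory) reads the plugin header and compares it numerically with 1.4.4. It assumes the plugin's main file sits at wp-content/plugins/wp-super-cache/wp-cache.php; the sample header is constructed.

```python
import re
import sys
from pathlib import Path

FIXED = (1, 4, 4)  # first fixed release, per this advisory
# Assumption: default plugin location and main file name.
PLUGIN_MAIN = Path("wp-content/plugins/wp-super-cache/wp-cache.php")

# Constructed sample header, used only for the self-check below.
SAMPLE_HEADER = """<?php
/*
Plugin Name: WP Super Cache
Version: 1.4.2
*/
"""

def header_version(php_source):
    """Return the Version: value from a WordPress plugin header, or None."""
    m = re.search(r"^[ \t/*#@]*Version:\s*(\S+)", php_source, re.M | re.I)
    return m.group(1) if m else None

def parse(version):
    """'1.4' -> (1, 4, 0); numeric compare so that 1.4.10 sorts after 1.4.4."""
    parts = [int(n) for n in re.findall(r"\d+", version)][:3]
    return tuple(parts + [0] * (3 - len(parts)))

def is_vulnerable(version):
    return parse(version) < FIXED

def audit(wp_root):
    """Classify one WordPress root: not-installed, unknown, vulnerable, patched."""
    path = Path(wp_root) / PLUGIN_MAIN
    if not path.is_file():
        return "not-installed"
    # WordPress itself only reads the first 8 KB when parsing plugin headers.
    version = header_version(path.read_text(errors="replace")[:8192])
    if version is None or not re.search(r"\d", version):
        return "unknown"
    return "vulnerable" if is_vulnerable(version) else "patched"

if __name__ == "__main__":
    assert header_version(SAMPLE_HEADER) == "1.4.2"
    for root in sys.argv[1:]:      # e.g. /var/www/site1 /var/www/site2
        print(f"{root}: {audit(root)}")
```

Pass one or more WordPress root directories as arguments; any root reported as vulnerable still runs a release older than 1.4.4.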
Are you using WP Super Cache? Have you been affected? Share your concerns in the comments!