Tuesday, April 14, 2015

Over 1M sites affected by WordPress Plugin flaw

The WP-Super-Cache plugin for WordPress generates static HTML files from a dynamic WordPress blog. Security researchers from Sucuri recently identified a cross-site scripting (XSS) vulnerability in it that allows an intruder to take complete control of the website. Over 1 million websites use this plugin, which makes it a huge risk for everyone. Fortunately, the WP-Super-Cache developers have addressed this security flaw with the release of a new version, 1.4.4. Sysadmins should update the vulnerable plugin as early as possible; otherwise attackers can take advantage of it via a malformed query and add malicious scripts to the cached files published by the component. Sucuri gives this issue a CVSS score of 8.0, which means the attack can be done with ease. There is a high possibility that an attacker could add a new admin account and install backdoors on the vulnerable website.
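
An added example, not from the original post, Sucuri or the plugin's developers: a Python audit a sysadmin could run over a web root to list WP-Super-Cache installs older than the fixed 1.4.4 release. The plugin path and the `Version:` header in wp-cache.php are assumptions about a standard install.

```python
import re
import sys
from pathlib import Path

FIXED = (1, 4, 4)  # fixed release named in the post
# Assumption: standard layout, with the "Version:" plugin header in wp-cache.php.
MAIN_FILE = "wp-content/plugins/wp-super-cache/wp-cache.php"
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:\s*(\d+(?:\.\d+)*)", re.I | re.M)


def parse_version(header_text):
    """Return the plugin version as a tuple of ints, or None if no header."""
    m = VERSION_RE.search(header_text)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None


def is_vulnerable(version):
    """True when the version predates 1.4.4; unreadable versions are flagged."""
    if version is None:
        return True
    # Pad short versions so (1, 4) compares as (1, 4, 0); tuple comparison
    # is numeric, so 1.4.10 correctly sorts above 1.4.4.
    padded = version + (0,) * (len(FIXED) - len(version))
    return padded < FIXED


def audit(web_root):
    """Return [(site_dir, version, vulnerable)] for every install under web_root."""
    results = []
    for main in sorted(Path(web_root).rglob(MAIN_FILE)):
        with main.open(encoding="utf-8", errors="replace") as fh:
            version = parse_version(fh.read(8192))  # header sits at the top
        results.append((main.parents[3], version, is_vulnerable(version)))
    return results


if __name__ == "__main__":
    for site, version, vulnerable in audit(sys.argv[1] if len(sys.argv) > 1 else "."):
        shown = ".".join(map(str, version)) if version else "unknown"
        print(f"{'UPDATE' if vulnerable else 'ok':6} {shown:8} {site}")
```

Installs whose version header cannot be read are reported as needing an update so that they get checked by hand.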
