This is a public service announcement for all WordPress users. In case you missed it, Sucuri issued a security advisory on their blog two days ago for a persistent cross-site scripting (XSS) vulnerability affecting one of the popular WordPress caching plugins – WP Super Cache.
From the Sucuri blog:
Using this vulnerability, an attacker using a carefully crafted query could insert malicious scripts to the plugin’s cached file listing page. As this page requires a valid nonce in order to be displayed, a successful exploitation would require the site’s administrator to have a look at that particular section, manually.
When executed, the injected scripts could be used to perform a lot of other things like adding a new administrator account to the site, injecting backdoors by using WordPress theme edition tools, etc.
Sucuri has given this threat a DREAD score of 8/10, which makes this persistent XSS vulnerability a very dangerous risk for any WordPress site using a vulnerable version of WP Super Cache. The exploitation level is also considered Very Easy: the vulnerability is easy to exploit, and an attacker can use it to inject a backdoor or malicious scripts, add a new user with admin rights, modify WordPress theme files, or do practically anything else an admin user can do from within the dashboard.
The latest version of WP Super Cache, version 1.4.4, contains a patch for this vulnerability as well as another important bug fix. If your website or blog is using an outdated and vulnerable version, please don’t delay and update immediately!
Hats off to Marc-Alexandre Montpas of Sucuri for discovering the vulnerability and to the plugin author, Donncha Ó Caoimh, for quickly addressing the security issues and releasing the patched version.
You can download the latest version – WP Super Cache 1.4.4 – from the official WordPress plugin repository.
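If you look after more than one site, a quick way to find which installs still need the update is to read each plugin's header and compare its version with 1.4.4. The script below is an added example, not code from this post, Sucuri or the plugin; it assumes the standard WordPress plugin header fields (`Plugin Name:` and `Version:`) and walks whatever directory you pass it.

```python
import os
import re
import sys

PLUGIN_NAME = "WP Super Cache"   # plugin named in the advisory
FIXED = (1, 4, 4)                # first patched release, per this page

# Header fields look like " * Version: 1.4.3" or "Version: 1.4.3" (assumed format).
_FIELD = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t\r]*$", re.M | re.I)

def parse_header(text):
    """Return {'plugin name': ..., 'version': ...} from a plugin file header."""
    fields = {}
    for key, value in _FIELD.findall(text[:8192]):  # WordPress reads only the first 8 KB
        fields.setdefault(key.lower(), value)       # first occurrence wins
    return fields

def version_tuple(version):
    """'1.4.3' -> (1, 4, 3); a suffix such as '-beta2' is ignored."""
    nums = [int(n) for n in re.findall(r"\d+", version.split("-")[0])]
    return tuple(nums + [0] * (3 - len(nums)))

def is_vulnerable(version):
    # Numeric comparison, so 1.10 is correctly treated as newer than 1.4.4.
    return version_tuple(version) < FIXED

def audit(root):
    """Walk root (e.g. a directory holding many sites) and report every copy
    of the plugin as (path, version, vulnerable)."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.endswith(".php"):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, encoding="utf-8", errors="replace") as fh:
                    header = parse_header(fh.read(8192))
            except OSError:
                continue  # unreadable file: skip it rather than abort the audit
            if header.get("plugin name") == PLUGIN_NAME and "version" in header:
                findings.append((path, header["version"], is_vulnerable(header["version"])))
    return sorted(findings)

if __name__ == "__main__":
    for path, version, vuln in audit(sys.argv[1] if len(sys.argv) > 1 else "."):
        print("VULNERABLE" if vuln else "ok", version, path)
```

Run it with the directory that holds your sites as the only argument; every line marked VULNERABLE is an install older than 1.4.4.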