Security Advisory: Persistent XSS in WP-Super-Cache

Security Risk: Dangerous
Exploitation level: Very Easy/Remote
DREAD Score: 8/10
Vulnerability: Persistent XSS
Patched Version: 1.4.4

Using this vulnerability, an attacker could use a carefully crafted query to insert malicious scripts into the plugin’s cached file listing page. Because this page requires a valid nonce in order to be displayed, successful exploitation requires the site’s administrator to manually view that particular section.

When executed, the injected scripts could be used to perform many other actions, such as adding a new administrator account to the site or injecting backdoors by using the WordPress theme editing tools.

An update for WP Super Cache was recently released to address a critical XSS security vulnerability. We recommend that you update the plugin as soon as possible.
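
To confirm whether an installation is still below the patched version, the following added example (not part of the advisory or the plugin's code) reads the Version field from the plugin header and compares it with 1.4.4. The plugin file path and the sample header are assumptions constructed for illustration.

```python
import re
from pathlib import Path

PATCHED = "1.4.4"  # "Patched Version" from the advisory

# Constructed sample of a WordPress plugin header (not copied from the plugin).
SAMPLE_HEADER = "<?php\n/*\nPlugin Name: WP Super Cache\nVersion: 1.4.3\n*/\n"

# The Version field may be preceded by whitespace or comment characters.
_VERSION_RE = re.compile(r"^[ \t/*#@]*Version:\s*([0-9][0-9A-Za-z.\-]*)", re.M | re.I)


def parse_plugin_version(header_text):
    """Return the Version field of a plugin header, or None if absent."""
    m = _VERSION_RE.search(header_text)
    return m.group(1) if m else None


def version_key(version):
    """Turn '1.4.10' into (1, 4, 10) so it sorts above 1.4.4."""
    parts = []
    for piece in version.split("."):
        digits = re.match(r"\d+", piece)
        parts.append(int(digits.group()) if digits else 0)
    return tuple(parts)


def is_patched(version, patched=PATCHED):
    """True when version >= patched, padding so '1.4' compares as 1.4.0."""
    a, b = version_key(version), version_key(patched)
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)) >= b + (0,) * (width - len(b))


def audit(plugin_file):
    """Classify one site from the head of its plugin main file."""
    path = Path(plugin_file)
    if not path.is_file():
        return "not-installed"
    version = parse_plugin_version(path.read_text(errors="replace")[:8192])
    if version is None:
        return "unknown"  # header stripped or edited: inspect by hand
    return "patched" if is_patched(version) else "vulnerable"


if __name__ == "__main__":
    # Assumed default location of the plugin's main file under the web root.
    print(audit("wp-content/plugins/wp-super-cache/wp-cache.php"))
    print(parse_plugin_version(SAMPLE_HEADER), is_patched("1.4.3"))
```

A result of "unknown" means the header could not be parsed, so the installed version should be checked by hand rather than assumed safe.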

Official Link:
