Connect with us


WP cache plugin vulnerabilities effects +1 million sites



WP cache plugin

The highly popular WP cache plugin is quite faster than Jetpack Security, he discovered. However, it has multiple vulnerabilities which could allow an attacker to get complete administrative privileges. The exploits have affected more than a million WordPress installations.

The WP Fastest cache comes in the form of a plugin that more than a million sites use. This plugin can create many HTML versions for a website.

There are plenty of vulnerabilities that are surfacing right now. It comes with the Authenticate SQL injection and the stored XSS via cross-site request forgery.

The authenticated SQL Injection lets a user access the information of administration level with the database. It is a kind of attack that gets directed at the database. It is where all the website elements like passwords get stored.

A successful SQL Injection attack can lead to a complete website takeover. The jet pack bulletin described the severity of the vulnerability. In case it exploits, then the bug could grant the attackers access to information from the database of the site.

The XSS vulnerability, on the other hand, is common. It results from a flaw in the inputs to the validation of a website. A user can input something to a site, or it can be much vulnerable to a kind of XSS attack in case the input does not get sanitized.

Sanitization means the restriction uploaded to a limited number of expected inputs. A flawed input can also allow that cover to inject malicious scripts used to attack visiting users.

Cross-site forgery comes into play when an attacker tricks a user into visiting a site and performing various actions. This vulnerability depends on the installation of the classic- editor plugin.

These vulnerabilities are very serious, and Jetpack recommends the users upgrade their plugin to the latest version, 0.95 of WP Fastest Cache.

The Security researchers at Jetpack recommend that all users of the WP cache plugin must update right away.

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *