More threads by djbaxter


Jun 28, 2012
Reaction score
Persistent XSS Vulnerability Discovered in WP Super Cache Plugin
by Sarah Gooding, WordPress Tavern
April 8, 2015

The security team at Sucuri has issued an advisory for WordPress users who have the WP Super Cache plugin activated on their sites. The popular caching plugin contains a dangerous persistent XSS vulnerability that was promptly patched in its 1.4.4 release.

Sucuri ranks the risk as ?Dangerous? with a DREAD score of 8/10. Exploiting the vulnerability is relatively easy for an attacker intent on injecting a backdoor. Sucuri breaks down the technical details of the threat as follows:

Using this vulnerability, an attacker using a carefully crafted query could insert malicious scripts to the plugin?s cached file listing page. As this page requires a valid nonce in order to be displayed, a successful exploitation would require the site?s administrator to have a look at that particular section, manually.

When executed, the injected scripts could be used to perform a lot of other things like adding a new administrator account to the site, injecting backdoors by using WordPress theme edition tools, etc.

Make certain your plugins are updated to the latest versions!


Login / Register

Already a member?   LOG IN
Not a member yet?   REGISTER

LocalU Event

Live Webinar - Local SEO Audits

  Promoted Posts

New advertising option: A review of your product or service posted by a Sterling Sky employee. This will also be shared on the Sterling Sky & LSF Twitter accounts, our Facebook group, LinkedIn, and both newsletters. More...
Top Bottom