WP Fastest Cache Patches Authenticated SQL Injection and Stored XSS Via CSRF Vulnerabilities

The Jetpack Scan team has published a summary of two issues recently discovered in the WP Fastest Cache plugin – an Authenticated SQL Injection vulnerability and a Stored XSS Via CSRF vulnerability.

“If exploited, the SQL Injection bug could grant attackers access to privileged information from the affected site’s database (e.g., usernames and hashed passwords),” Automattic security research engineer Marc Montpas said. This particular vulnerability can only be exploited on sites where the Classic Editor plugin is both installed and activated.

“Successfully exploiting the CSRF and Stored XSS vulnerability could enable bad actors to perform any action the logged-in administrator they targeted is allowed to do on the targeted site,” Montpas said. He also found that attackers could “abuse some of these options to store rogue Javascript on the affected site.”

WP Fastest Cache is active on more than 1 million WordPress sites, and the plugin also reports 58,322 paid users. Emre Vona, the plugin’s author, patched the vulnerabilities in version 0.9.5, released this week. Jetpack recommends users update as soon as possible, as both vulnerabilities have a high technical impact if exploited.

This article first appeared on wptavern.com.