Attackers can gain complete control of the website

Apr 8, 2015 07:41 GMT

Some versions of the WP-Super-Cache plug-in for WordPress include a cross-site scripting (XSS) vulnerability that could allow an attacker to take control of the website.

The WordPress add-on is a caching engine designed to generate static HTML files from dynamic blogs. Its purpose is to avoid running the PHP scripts on every request, an activity that takes more time and web server resources to complete.

The result is a faster blog for visitors who do not access pages with dynamic content that needs to be constantly refreshed to present the latest version.

Flaw is remotely exploitable, easy to leverage

WP-Super-Cache currently has over 1 million active installations and more than 7 million downloads. Its popularity is also expressed by the number of daily downloads, which averages above 4,000.

Security researchers from Sucuri reported the remotely exploitable vulnerability to WP-Super-Cache developers, who released a new version, 1.4.4, that repairs the problem.

However, many users are still relying on previous builds of the plug-in that are susceptible to attacks. Using a specially crafted query, a threat actor could add malicious scripts to the cached files published by the component.

Sucuri classified the vulnerability with a severity score of 8 out of 10 and says that taking advantage of it is an easy task.

User-provided data not sanitized

The risks involved include the possibility to add a new admin account to the website or inject backdoors.

The issue stems from improper sanitization of the information originating from the user and added to the static pages generated by WP-Super-Cache.

As such, the cache file’s key, held in the “$details” variable, could be injected with malicious code that can execute on the server.
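As an added illustration (not WP-Super-Cache’s own code), the snippet below renders a simplified cache listing two ways: with the key echoed raw, as the description above implies, and with escaping applied at output. The $details structure, the constructed entries and the two render functions are assumptions made for this example.

```php
<?php
// Added illustration, not WP-Super-Cache's own code. Each cached entry is
// described by a $details array whose 'key' is derived from the request a
// visitor made, so it is attacker-controlled. Constructed sample entries:
$cached = [
    ['key' => 'example.com/about/',          'age' => 120],
    ['key' => '<script>alert(1)</script>',   'age' => 5],   // constructed payload
];

// Vulnerable rendering: the key is concatenated into the admin page as-is,
// so the browser of whoever views the listing runs the embedded markup.
function render_row_vulnerable(array $details): string {
    return '<tr><td>' . $details['key'] . '</td><td>' . $details['age'] . '</td></tr>';
}

// Hardened rendering: escape at the point of output. In WordPress code the
// usual helper is esc_html(); htmlspecialchars() is used here so the script
// runs outside WordPress, and the age is cast to int rather than echoed raw.
function render_row_safe(array $details): string {
    $key = htmlspecialchars($details['key'], ENT_QUOTES | ENT_HTML5, 'UTF-8');
    $age = (int) $details['age'];
    return "<tr><td>{$key}</td><td>{$age}</td></tr>";
}

// Helper a reviewer could use to flag entries whose rendered form differs
// from their escaped form, i.e. keys that carry HTML metacharacters.
function key_needs_escaping(array $details): bool {
    return $details['key'] !== htmlspecialchars($details['key'], ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

foreach ($cached as $details) {
    echo 'vulnerable: ' . render_row_vulnerable($details) . "\n";
    echo 'safe:       ' . render_row_safe($details) . "\n";
    echo 'flagged:    ' . (key_needs_escaping($details) ? 'yes' : 'no') . "\n\n";
}
```

Running the script shows the second entry’s tag surviving verbatim in the vulnerable row and appearing as inert text (&lt;script&gt;…) in the safe row.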

“As this page requires a valid nonce [randomly generated number used one time only during an authentication process] in order to be displayed, a successful exploitation would require the site’s administrator to have a look at that particular section, manually,” Marc-Alexandre Montpas from Sucuri said in a blog post on Tuesday.

Anyone using a version of WP-Super-Cache earlier than 1.4.4 is strongly recommended to update. The current version works with WordPress 3.0 or above.