Hudson, FL (PRWEB) April 13, 2015
AHosting, a provider of premium WordPress hosting, has advised all users of the popular WP Super Cache plugin to update immediately. A vulnerability in the plugin was recently discovered by Sucuri. It could allow malicious third parties to inject arbitrary code into a WordPress site to create admin accounts and insert backdoors.
WordPress sites using versions of the plugin older than 1.4.4 — which was released to patch the vulnerability — are at risk. WP Super Cache is an extremely popular solution for WordPress performance optimization. It substantially improves performance by caching pages — essentially turning them into static pages that load more quickly than WordPress’s default dynamically generated pages.
“WP Super Cache is used by over a million WordPress publishers and bloggers, including hundreds that use our hosting platform,” commented Daniel Page, Director of Business Development at AHosting, Inc. “We want to ensure that as many WordPress users as possible are informed about the pressing risk the recently discovered XSS vulnerability poses. Users of WP Super Cache should update to version 1.4.4 or later as soon as possible.”
The vulnerability is a result of the way WP Super Cache manages the file it uses to decide which cached files to load. Using a cross-site scripting attack, whereby an authenticated administrator is influenced to load a specially crafted web page, attackers may be able to insert arbitrary scripts into this file. Those scripts could be used to carry out any number of actions against a site, essentially leaving it open to takeover by the attacker.
This vulnerability highlights the importance of keeping content management systems up to date. All complex software, including WordPress plugins, may exhibit unpredictable behaviour because of coding and design errors. Some of those behaviours will cause exploitable vulnerabilities. WP Super Cache was immediately updated to fix the vulnerability when it was discovered. The only way to get the fix is to update. WordPress and other content management system users should be vigilant and ensure that they run the newest versions of both their CMS and associated plugins.
AHosting is a managed web hosting provider with facilities in Orlando, FL, and Detroit, MI, owned and operated by AHosting, Inc., supplying hosting services that are truly beyond imagination. Since 2002, AHosting has established one of the web’s premier solutions for CMS hosting, reseller web hosting, multiple IP hosting, dedicated servers, and VPS hosting. For more information, visit http://www.ahosting.net.