The security updates fixed a vulnerability, reported by Sucuri, that allowed an attacker to introduce malicious code into the plugin’s cache file listing.
Many such vulnerabilities are executed by tricking the site owner into clicking on a dangerous link. However, since links pointing to the WP Super Cache cache listing page can only be used once, it would not be possible to execute the malicious code by clicking on a public link. In order to execute the malicious code, the site owner would need to visit the plugin’s cache listing page manually.
You can protect yourself from this security vulnerability by upgrading to the latest version of WP Super Cache, 1.4.4, under Dashboard → Updates in your WordPress dashboard.
We have also attempted to automatically upgrade any VaultPress customers that are running an outdated version of WP Super Cache. You can verify that you’re running the latest version of WP Super Cache, 1.4.4, on the Plugins page in your WordPress dashboard.
As always, if you have any questions, drop us a line!