Vulnerability in WP Super Cache

A couple of important security updates have been released for the popular WP Super Cache plugin.

The security updates fixed a vulnerability, reported by Sucuri, that allowed an attacker to introduce malicious code into the plugin’s cache file listing.

Many such vulnerabilities are exploited by tricking the site owner into clicking on a dangerous link. However, because links pointing to the WP Super Cache cache listing page can only be used once, the malicious code could not be executed by getting the site owner to click on a public link. For the malicious code to execute, the site owner would need to visit the plugin’s cache listing page manually.

You can protect yourself from this security vulnerability by upgrading to the latest version of WP Super Cache, 1.4.4, under Dashboard → Updates in your WordPress dashboard.

We have also attempted to automatically upgrade any VaultPress customers that are running an outdated version of WP Super Cache. You can verify that you’re running the latest version of WP Super Cache, 1.4.4, on the Plugins page in your WordPress dashboard.
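If you look after several WordPress installs on one server, the same version check can be run from the filesystem instead of each dashboard. The script below is an added example, not code from this post or from the plugin; it assumes the plugin lives in the standard `wp-content/plugins/wp-super-cache` directory with `wp-cache.php` as its main file, and the directory you pass to `audit()` is your own web root.

```python
import os
import re

FIXED = "1.4.4"  # release named in this post as containing the fix
# Assumption: standard plugin location, main file wp-cache.php.
PLUGIN_MAIN = os.path.join("wp-content", "plugins", "wp-super-cache", "wp-cache.php")
_VERSION_RE = re.compile(r"^[ \t/*#@]*Version:\s*(\S+)", re.IGNORECASE | re.MULTILINE)


def header_version(path):
    """Return the Version: value from a plugin file header, or None."""
    with open(path, "r", encoding="utf-8", errors="replace") as fh:
        head = fh.read(8192)  # the header sits at the top of the file
    match = _VERSION_RE.search(head)
    return match.group(1) if match else None


def as_tuple(version, width=4):
    """'1.4.4' -> (1, 4, 4, 0), so 1.10.0 sorts above 1.4.4 (string compare would not).
    Non-numeric suffixes such as '-beta' are ignored."""
    parts = []
    for piece in version.split(".")[:width]:
        digits = re.match(r"\d+", piece)
        parts.append(int(digits.group()) if digits else 0)
    return tuple(parts + [0] * (width - len(parts)))


def audit(root):
    """Walk root and return (site_path, version, status) for each install found."""
    findings = []
    for dirpath, dirnames, _ in os.walk(root):
        candidate = os.path.join(dirpath, PLUGIN_MAIN)
        if not os.path.isfile(candidate):
            continue
        dirnames[:] = []  # WordPress root found; no need to descend further
        version = header_version(candidate)
        if version is None:
            status = "unknown"  # header missing or unreadable: check by hand
        elif as_tuple(version) < as_tuple(FIXED):
            status = "outdated"
        else:
            status = "ok"
        findings.append((dirpath, version, status))
    return sorted(findings)


if __name__ == "__main__":
    for site, version, status in audit("."):  # run from your web root
        print(f"{status:9} {version or '-':10} {site}")
```

Any site reported as `outdated` or `unknown` should be upgraded or checked on its Plugins page.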

As always, if you have any questions, drop us a line!

About Chris

I work and play at WordPress.com, and spend my offline time drinking chai tea and running around in parks.

2 Responses to Vulnerability in WP Super Cache

  1. Are you attempting to update ALL VaultPress customers, or only those with a Security Bundle subscription?
