A couple of important security updates have been released for the popular WP Super Cache plugin.
The security updates fixed a vulnerability, reported by Sucuri, that allowed an attacker to introduce malicious code into the plugin’s cache file listing.
Many such vulnerabilities are executed by tricking the site owner into clicking on a dangerous link. However, since links pointing to the WP Super Cache cache listing page can only be used once, it would not be possible to execute the malicious code by clicking on a public link. In order to execute the malicious code, the site owner would need to visit the plugin’s cache listing page manually.
You can protect yourself from this security vulnerability by upgrading to the latest version of WP Super Cache, 1.4.4, under Dashboard → Updates in your WordPress dashboard.
We have also attempted to automatically upgrade any VaultPress customers that are running an outdated version of WP Super Cache. You can verify that you’re running the latest version of WP Super Cache, 1.4.4, on the Plugins page in your WordPress dashboard.
As always, if you have any questions, drop us a line!
Are you attempting to update ALL Vaultpress customers, or only those with a Security Bundle subscription?
We attempted to update every VaultPress user’s site — whether or not they subscribed to the security feature.