Vulnerability in WP Super Cache

Posted on Apr07

A couple of important security updates have been released for the popular WP Super Cache plugin.

The security updates fixed a vulnerability, reported by Sucuri, that allowed an attacker to introduce malicious code into the plugin’s cache file listing.

Many such vulnerabilities are executed by tricking the site owner into clicking on a dangerous link. However, since links pointing to the WP Super Cache cache listing page can only be used once, it would not be possible to execute the malicious code by clicking on a public link. In order to execute the malicious code, the site owner would need to visit the plugin’s cache listing page manually.

You can protect yourself from this security vulnerability by upgrading to the latest version of WP Super Cache, 1.4.4, under Dashboard → Updates in your WordPress dashboard.

We have also attempted to automatically upgrade any VaultPress customers that are running an outdated version of WP Super Cache. You can verify that you’re running the latest version of WP Super Cache, 1.4.4, on the Plugins page in your WordPress dashboard.

As always, if you have any questions, drop us a line!

About Chris

I work and play at WordPress.com, and spend my offline time drinking chai tea and running around in parks.

View all posts by Chris →

This entry was posted in General, Security and tagged Security. Bookmark the permalink.

2 Responses to Vulnerability in WP Super Cache

pickledhamster says:

April 13, 2015 at 6:45 pm

Are you attempting to update ALL Vaultpress customers, or only those with a Security Bundle subscription?
- Chris says:
  
  April 13, 2015 at 7:59 pm
  
  We attempted to update every VaultPress user’s site — whether or not they subscribed to the security feature.

Comments are closed.