WP-Super-Cache - Critical Vulnerability, Be sure to upgrade
As many as 1 million sites imperiled by dangerous bug in WordPress plugin
As many as a million websites could be imperiled by a critical vulnerability recently discovered in WP-Super-Cache, a WordPress plugin that generates static HTML files from dynamic WordPress blogs.
The persistent cross-site scripting bug allows attackers to insert malicious code into WordPress-published pages that use the extension, according to a blog post published Tuesday by security firm Sucuri. Anyone who relies on the plugin should immediately upgrade to version 1.4.4, which has fixes for that bug and several others.
<snip>
Full article: http://arstechnica.com/security/2015/04/as-many-as-1-million-sites-imperiled-by-dangerous-bug-in-wordpress-plugin
Recent Comments
The 1.4.4 version is what's listed in the article. If the plugin is already at a 4.0 or 4.1 level, that must be a typo. Since I don't have that particular plugin installed, I'm just going by what the article said.
That's totally understandable given the number of different plugins at various version numbers. :=) I just confirmed that the latest version is 1.4.4 as it's listed in the article. (I should have done that in response to your previous comment.)
Thanks for sharing Bob. I've disabled the plugin on my websites because it interferes with my ability to see the changes I make (in real time). ~Marion
As long as you have the plugin disabled, I don't think that your sites are exposed to this vulnerability. (Not 100% certain on that.) You may want to update it anyway just in case you do want to reenable it in the future.
I am a bit surprised, though, that the plugin keeps you from seeing changes as you're making them in your admin area. I would have expected that the cache would be cleared whenever you update a post or page.
I should have written in the past tense. I haven't checked it recently because of previous problems.
Thanks for the heads up Bob! :)