Jetpack security researchers discovered multiple vulnerabilities in the popular WordPress plugin WP Fastest Cache that could allow an attacker to assume full administrator privileges. The vulnerabilities affect over a million WordPress installations.
WP Fastest Cache Plugin Vulnerabilities Description
WP Fastest Cache is a WordPress plugin used by over a million WordPress websites. The plugin creates a static HTML version of the website.
Multiple vulnerabilities were discovered:
- Authenticated SQL Injection
- Stored XSS via Cross-Site Request Forgery
Authenticated SQL Injection
The Authenticated SQL Injection allows a logged-in user to access administrator-level information through the database.
SQL Injection is an attack directed at the database, which is where the website elements, including passwords, are stored.
A successful SQL Injection attack could lead to a full website takeover.
The Jetpack security bulletin described the seriousness of the vulnerability: