A caching plugin currently used by over one million WordPress sites was susceptible to a cross-site scripting (XXS) vulnerability that could allow an attacker to inject a backdoor or add a new administrator. If you use the WP Super Cache plugin, then make sure it is updated to the newest version, 1.4.4, which the developers released to resolve the remotely exploitable vulnerability reported to them by Sucuri.

The WP Super Cache plugin generates static HTML files instead of processing PHP scripts so the pages will load faster. The free plugin generally delivers a decent performance boost and reduces the load on a server. “This plugin will help your server cope with a front page appearance on digg.com or other social networking site.” The developers added, “Supercache really comes into its own if your server is underpowered, or you’re experiencing heavy traffic.” It’s a popular plugin that over seven million total sites have downloaded; yesterday WP Super Cache was downloaded over 22,000 times, with over 130,000 downloads last week.

To read this article in full or to leave a comment, please click here