Vulnerabilities in the Cache Plugin risks over 1 million sites

One of the most popular WordPress Cache plugins found at risk of security vulnerabilities. The vulnerabilities were found in the WP Fastest Cache plugin which has over 1 million active sites using it.

The issues 1. Authenticated SQL Injection vulnerability and 2. A Stored XSS (Cross-Site Scripting) via Cross-Site Request Forgery (CSRF) issue. The issues were reported by Jetpack on October 14th through a post.

The post explains more about the details of the two vulnerabilities. Which have the same CVE ID (CVE-2021-24869), but different descriptions and CVSS scores (7.7 / “High” and 9.6 / “Critical”).

More on the Vulnerabilities

Authenticated SQL Injection

Affected versions: < 0.9.5

CVE-ID: CVE-2021-24869

CVSSv3.1: 7.7

CWSS: 73.6

The SQL Injection flaw, if exploited, might provide attackers access to sensitive information from the vulnerable site’s database (e.g., usernames and hashed passwords). It only used if the classic-editor plugin also installed and enabled on the site.

Stored XSS Via CSRF

Affected versions: < 0.9.5

CVE-ID: CVE-2021-24869

CVSSv3.1: 9.6

CWSS: 74.7

Successfully exploiting the CSRF and Stored XSS vulnerabilities may allow bad actors to take any activity that the logged-in administrator they targeted permitted to perform on the targeted site.

If you haven’t upgraded the plugin yet, we strongly advise you to do so right now. Please verify if you are using 0.9.5; if you are using any of the versions below, please update immediately.

Such vulnerabilities already reported in WordPress plugins. One plugin, Access Demo Importer, was discovered to have a security problem this month. If exposed, the flaw might allow attackers with subscriber-level access to upload arbitrary files, potentially resulting in remote code execution.

Before that, we reported two issues in the WooCommerce Multi-Currency plugin and Form Plugin. In addition, to learn more about these issues you can check those links.

Follow us on Facebook, Twitter to stay updated on the latest plugin vulnerabilities, guides about WordPress and WooCommerce.

You may also like:

9 Best Code Editors for WordPress Developers

7 Best WooCommerce Product Image Zoom Plugins


About the Author:

He is an enthusiastic writer and WordPress user. He writes on WordPress, WooCommerce, E-Commerce, and open-source projects.

Leave A Comment