The Jetpack Scan team recently published a summary of two issues discovered in the WP Fastest Cache plugin: an authenticated SQL injection vulnerability and a stored XSS via CSRF vulnerability.
“If exploited, the SQL injection bug could give attackers access to privileged information from the affected site’s databases (e.g., usernames and hashed passwords),” said Mark Montpas, Automated Security Research Engineer. This particular vulnerability can only be exploited on sites where the Classic Editor plugin is both installed and activated.
WP Fastest Cache is active on over 1 million WordPress sites, and the plugin also reports 58,322 paid users. Plugin author Emre Vona fixed the vulnerabilities in version 0.9. Jetpack advises users to update as soon as possible, as both vulnerabilities can have a high technical impact if exploited.