WP blog famous plugins WP Super Cache there is XSS vulnerability-vulnerability warning-the black bar safety net

2015-04-09T00:00:00
ID MYHACK58:62201560979
Type myhack58
Reporter 佚名
Modified 2015-04-09T00:00:00

Description

According to foreign media quoted the foreign security company reported that in the WordPress blog of a very famous caching plugins WP Super Cache exists Persistent XSSattack vulnerability. The attack will cause the attacker to obtain the site administrator's permission to steal the website data and databases. The affected plug-in version 1. 4. 4, according to the official effective download statistics, about more than 1 0 0 million WP blog affected by this vulnerability. Currently, the vulnerability has not been fixed, security experts recommended that open website firewall protect against attacks, or temporarily turn off this plug-in.

!

Vulnerability key position

Hack through an elaborate query, the attacker can insert a malicious script into the plugin cache file list page, the injected script can be used to perform a lot of other things, such as adding new administrator account to the site, through the use of WordPress theme editing tool to inject backdoors, etc.