XSS vulnerability in WP Super Cache, a well-known WordPress blog plugin - Vulnerability Warning

ID MYHACK58:62201560979
Type myhack58
Reporter Anonymous
Modified 2015-04-09T00:00:00


According to foreign media reports citing a foreign security company, a persistent XSS vulnerability exists in WP Super Cache, a very well-known caching plugin for WordPress blogs. The attack lets the attacker obtain the site administrator's permissions and steal the website's data and databases. The affected plugin version is 1.4.4; according to the official statistics of effective downloads, about 100 million or more WP blogs are affected by this vulnerability. The vulnerability has not yet been fixed. Security experts recommend enabling a website firewall to protect against attacks, or temporarily turning off the plugin.


Key location of the vulnerability

Through a carefully crafted query, the attacker can insert a malicious script into the plugin's cache file list page. The injected script can then be used to perform many other actions, such as adding a new administrator account to the site or injecting backdoors through the WordPress theme editing tool.
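
The pattern behind a persistent XSS in a cache file list page, shown as an added example that is not WP Super Cache source code: request-derived data is stored with a cache entry and later written into an admin page. The entry fields (`key`, `age`), the function names and the sample data are hypothetical and constructed for illustration.

```php
<?php
// Added example, not the plugin's code. All names below are hypothetical.

// Constructed cache index: each entry keeps request-derived data that an
// admin "cache file list" page displays later.
$entries = [
    ['key' => 'example.test/hello-world/', 'age' => 120],
    // Constructed entry whose key carries markup taken from a request.
    ['key' => 'example.test/?p=1<script>alert(1)</script>', 'age' => 5],
];

// Unsafe pattern: the stored value is written into the admin page as-is,
// so markup in the key becomes part of the page the administrator loads.
function render_rows_unsafe(array $entries): string {
    $html = '';
    foreach ($entries as $e) {
        $html .= '<tr><td>' . $e['key'] . '</td><td>' . $e['age'] . "</td></tr>\n";
    }
    return $html;
}

// Hardened pattern: escape at output time for the context in use (HTML text).
// Inside WordPress, esc_html() plays this role.
function render_rows_safe(array $entries): string {
    $html = '';
    foreach ($entries as $e) {
        $key = htmlspecialchars((string) $e['key'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $age = (int) $e['age']; // numeric field forced to an integer
        $html .= "<tr><td>{$key}</td><td>{$age}</td></tr>\n";
    }
    return $html;
}

// Defence in depth: flag stored keys that contain markup characters so an
// operator can review and purge those cache entries.
function suspicious_keys(array $entries): array {
    return array_values(array_filter(
        array_column($entries, 'key'),
        fn($k) => preg_match('/[<>"\']/', (string) $k) === 1
    ));
}

echo "unsafe:\n", render_rows_unsafe($entries);
echo "safe:\n", render_rows_safe($entries);
echo "flagged: ", json_encode(suspicious_keys($entries)), "\n";
```

Escaping at the point of output covers entries that were already stored before any input filtering was added, which is why it is the primary fix and the stored-key check is only a review aid.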