Security News > 2023 > November > WP Fastest Cache plugin bug exposes 600K WordPress sites to attacks
The WordPress plugin WP Fastest Cache is vulnerable to an SQL injection vulnerability that could allow unauthenticated attackers to read the contents of the site's database.
WP Fastest Cache is a caching plugin used to speed up page loads, improve visitor experience, and boost the site's ranking on Google search.
Download statistics from WordPress.org show that more than 600,000 websites still run a vulnerable version of the plugin and are exposed to potential attacks.
In this case, the flaw impacts the 'is user admin' function of the 'WpFastestCacheCreateCache' class within the WP Fastest Cache plugin, which is intended to check if a user is an administrator by extracting the '$username' value from cookies.
WordPress databases typically include sensitive information like user data, account passwords, plugin and theme configuration settings, and other data necessary for the site's functions.
Hackers exploit critical flaw in WordPress Royal Elementor plugin.
News URL
Related news
- CoralRaider attacks use CDN cache to push info-stealer malware (source)
- WP Automatic WordPress plugin hit by millions of SQL injection attacks (source)
- Hackers exploit LiteSpeed Cache flaw to create WordPress admins (source)
- Hackers Exploiting LiteSpeed Cache Bug to Gain Full Control of WordPress Sites (source)