Security Audit Reveals Major Vulnerability In A Popular WordPress Plugin, Update ASAP
The WP Fastest Cache development team was immediately alerted to this vulnerability by WPScan, which led to the 1.2.2 update that contains the fix for this issue. It’s strongly recommended that WordPress administrators who have this plugin currently installed apply the update as quickly as possible to minimize any harm to their websites.
WPScan went into the nitty-gritty details regarding the vulnerability, explaining how a function found in the plugin’s code is the culprit. According to WPScan, "The function retrieves the $username variable from any cookie with the text wordpress_logged_in in its name, retrieving everything up to the first | character. The variable is then inserted into the query without escaping. Note that this function is called at plugin load time, which is before wp_magic_quotes() has been called on the request data.
"Since the results from the SQL query are not used anywhere outside of this function, there is no direct way to retrieve them. However, a time‑based blind SQL injection payload can easily extract any information from the database using this vulnerability."
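The pattern WPScan describes, shown as an added example that is not the plugin's code: Python with an in-memory SQLite table stands in for WordPress and MySQL, and the table, function names and sample cookies are constructed for illustration. A username containing an apostrophe is enough to show that the concatenated query parses cookie text as SQL, while the bound parameter treats it as data.

```python
import sqlite3


def make_db():
    # Constructed stand-in for a users table (not the real WordPress schema).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, user_login TEXT)")
    db.executemany("INSERT INTO users (user_login) VALUES (?)",
                   [("admin",), ("o'brien",)])
    return db


def username_from_cookies(cookies):
    # Behaviour described in the quote: any cookie whose name contains
    # "wordpress_logged_in" is accepted, and the value is cut at the first "|".
    for name, value in cookies.items():
        if "wordpress_logged_in" in name:
            return value.split("|", 1)[0]
    return None


def lookup_unsafe(db, username):
    # Vulnerable pattern: cookie-derived text becomes part of the SQL statement.
    sql = "SELECT id FROM users WHERE user_login = '" + username + "'"
    row = db.execute(sql).fetchone()
    return row[0] if row else None


def lookup_safe(db, username):
    # Hardened pattern: the value is bound as a parameter and never parsed as SQL.
    row = db.execute("SELECT id FROM users WHERE user_login = ?",
                     (username,)).fetchone()
    return row[0] if row else None


def compare(cookies):
    # Returns (username, unsafe result or error text, safe result).
    username = username_from_cookies(cookies)
    if username is None:
        return None, None, None
    db = make_db()
    try:
        unsafe = lookup_unsafe(db, username)
    except sqlite3.Error as exc:
        unsafe = "SQL error: %s" % exc
    return username, unsafe, lookup_safe(db, username)


if __name__ == "__main__":
    # Constructed cookie; the name only needs to contain the marker text.
    print(compare({"x_wordpress_logged_in_y": "o'brien|1700000000|token"}))
```

In WordPress itself, the bound-parameter form is written with $wpdb->prepare() and a %s placeholder.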
WPScan is a WordPress security service that scans for vulnerabilities in the popular content management system, and maintains a database that catalogs 43,655 WordPress core, plugin, and theme vulnerabilities.