A popular WordPress plugin, WP Fastest Cache, was discovered by Jetpack security researchers to have multiple vulnerabilities that could allow an attacker to assume full administrator privileges. The exploits affect over a million WordPress installations.
WP Fastest Cache Plugin Vulnerabilities Description
WP Fastest Cache is a WordPress plugin used by over a million websites. The plugin creates a static HTML version of the website.
There are multiple vulnerabilities that were discovered:
- Authenticated SQL Injection
- Stored XSS via Cross-Site Request Forgery
Authenticated SQL Injection
The Authenticated SQL Injection allows logged-in users to access administrator-level information through the database.
An SQL Injection vulnerability is an attack directed at the database, where website elements, including passwords, are stored.
A successful SQL Injection attack could lead to a full website takeover.
The Jetpack security bulletin described the seriousness of the vulnerability:
“If exploited, the SQL Injection bug could grant attackers access to privileged information from the affected site’s database (e.g., usernames and hashed passwords).
It can only be exploited if the classic-editor plugin is also installed and activated on the site.”
Stored XSS via Cross-Site Request Forgery
XSS (Cross-site Scripting) vulnerabilities result from a flaw in how inputs to the website are validated. Anywhere a user can input something to a website, like a contact form, might be vulnerable to an XSS attack if the input isn’t sanitized.
Sanitizing means restricting uploaded content to a limited expected input, like text and not scripts or commands. A flawed input allows an attacker to inject malicious scripts that can then be used to attack users who visit the site, like the administrator, and execute actions such as downloading malicious files to their browser or intercepting their credentials.
Cross-Site Request Forgery is when an attacker tricks a user, like a logged-in administrator, to visit the site and execute various actions.
These vulnerabilities depend on the classic-editor plugin being installed and that the attacker has some kind of user authentication, which makes it harder to exploit.
However, these vulnerabilities are still serious, and Jetpack recommends users upgrade their plugin to at least version 0.95 of WP Fastest Cache.
WP Fastest Cache version 0.95 was released on October 14, 2021.
According to Jetpack:
“If exploited, the SQL Injection bug could grant attackers access to privileged information from the affected site’s database (e.g., usernames and hashed passwords).
Successfully exploiting the CSRF & Stored XSS vulnerability could enable bad actors to perform any action the logged-in administrator they targeted is allowed to do on the targeted site.”
Jetpack Security Research Warning
The security researchers at Jetpack recommend that all users of WP Fastest Cache WordPress plugin update their plugin right away.
The Jetpack security researchers posted:
“We recommend that you check which version of the WP Fastest Cache plugin your site is using, and if it is less than 0.9.5, update it as soon as possible!”
Citation
Read the Jetpack Security Announcement About WP Fastest Cache Plugin
Multiple Vulnerabilities in WP Fastest Cache Plugin
