by: DonnchaPosted on:

WP Super Cache 1.4.4

WP Super Cache is a full page caching plugin for WordPress. It creates static pages that are served quickly by the web server.

Light Trails in Blarney

Over the weekend there was a flurry of excitement as not one, but two releases of the plugin were made in quick succession. The second to fix a bug introduced in the first. I’m very sorry about that.

WP Super Cache 1.4.3 fixed a security bug in the cache file listing section of the plugin settings page. A carefully crafted query by a third party would cause an XSS in the file listing. While serious, the owner of the blog cannot be tricked into loading the file listing page by way of an image or public link as a nonce is required to load it. The attacker would have to ask the blog owner to visit the cache listing page manually. Thanks to Marc Montpas from Sucuri for reporting that.

WP Super Cache 1.4.4 fixed a bug introduced in the previous version where queries with GET parameters caused a fatal error. Thanks to webaware on the WordPress.org forums for reporting that and including a patch to fix it.

If you’re using an older version of WP Super Cache you’re encourage to upgrade to 1.4.4 as soon as you can.

2 thoughts on “WP Super Cache 1.4.4

  1. Pingback: Vulnerability in WP Super Cache | VaultPress Blog
  2. Pingback: WordPress WP Super Cache Plugin Security Vulnerability Patch | Threatpost | The first stop for security news

Leave a Reply

%d bloggers like this:

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close