The Jetpack Scan team has published a summary of two issues recently discovered in the WP Fastest Cache plugin – an Authenticated SQL Injection vulnerability and a Stored XSS Via CSRF vulnerability.
“If exploited, the SQL Injection bug could grant attackers access to privileged information from the affected site’s database (e.g., usernames and hashed passwords),” Automattic security research engineer Marc Montpas said. This particular vulnerability can only be exploited on sites where the Classic Editor plugin is both installed and activated.
“Successfully exploiting the CSRF and Stored XSS vulnerability could enable bad actors to perform any action the logged-in administrator they targeted is allowed to do on the targeted site,” Montpas said. He also found that attackers could “abuse some of these options to store rogue Javascript on the affected website.”
WP Fastest Cache is active on more than 1 million WordPress sites, and the plugin also reports 58,322 paid users. Emre Vona, the plugin’s author, patched the vulnerabilities in version 0.9.5, released this week. Jetpack recommends users update as soon as possible, as both vulnerabilities have a high technical impact if exploited.
In WP Fastest Cache changelog there is only a generic:
to add nonce security system for cdn saving
It should be more accurate.