Vulnerability in WordPress plugin "WP Fastest Cache"
SQL injection and stored XSS using CSRF
Affected plugins: WP Fastest Cache / Classic Editor
The Jetpack Scan team has published a recently discovered security vulnerability in the popular "WP Fastest Cache" plugin, which occurs in conjunction with the "Classic Editor" plugin. The following information is intended to alert you to the issue as quickly as possible and to give those seeking assistance a point of contact.
WP Fastest Cache has a serious security vulnerability
SQL injection with XSS and CSRF
On October 14, the Jetpack Scan team published details of a recently discovered SQL injection bug. If exploited, this bug can give attackers access to sensitive information from the database, such as usernames and encrypted passwords. A prerequisite for exploiting the vulnerability is that the Classic Editor plugin is in use in the backend (installed and enabled).
If the WordPress web application has been infiltrated by means of CSRF (cross-site request forgery) and stored (persistent) cross-site scripting (XSS), the attacker can perform any action available to the administrator who was targeted by the attack.
More than a million WP sites use the WP Fastest Cache plugin.
If we already update your WordPress instances regularly, they are already secure.
If you have any questions, simply contact our experts. We will be happy to help you check for this specific security gap and keep your WordPress installation up to date.