Vulnerability in WordPress plugin "WP Fastest Cache"


SQL injection and stored XSS using CSRF

Affected plugins: WP Fastest Cache / Classic Editor

The Jetpack Scan team has published a recently discovered security vulnerability in the popular "WP Fastest Cache" plugin, which occurs in conjunction with the "Classic Editor" plugin. The following information is intended to alert you to the issue as quickly as possible and to give those seeking assistance a point of contact.

WP Fastest Cache has a serious security vulnerability

SQL injection with XSS and CSRF

On October 14, the Jetpack Scan team published a recently discovered SQL injection bug. If exploited, this bug can give attackers access to sensitive information from the database, such as usernames and encrypted passwords. A prerequisite for exploiting the vulnerability is the use of the Classic Editor plugin in the backend (installed and enabled).

If the WP web application has also been infiltrated by means of CSRF (cross-site request forgery) and stored (persistent) cross-site scripting (XSS), the attacker can perform any action available to the administrator who was targeted by the attack.

More than a million WP sites use the WP Fastest Cache plugin.
If we already update your WordPress instances regularly, they are already secure.

If you have any questions, just contact our experts. We will be very happy to assist you in checking for this specific vulnerability and in keeping your WordPress installation permanently up to date.

I look forward to hearing from you

Christian Eichinger
Office Manager