A new security alert has been issued for a WP Super Cache vulnerability. This is a serious security flaw and requires an immediate update of this popular plugin. The plugin code has been patched to correct the problem. If you are running any version of WP Super Cache prior to v1.4.4, please update immediately.
NOTE: If you are a client of mine and your site uses this plugin, it has already been updated.
What Is WP Super Cache?
WP Super Cache is used on many WordPress sites to help speed up the loading of the site. As you may know, one of Google’s many site ranking criteria is page load speed. Many WordPress sites are loaded down with bloated themes, too many plugins and other factors that cause the site to load slowly. WP Super Cache is one of several plugins available to try to overcome these problems and help the site load faster.
What Is Caching, Anyway?
A cache, in web terms, is a storage method that keeps track of images and scripts and the like that were last loaded to render a web page. The objects are stored in the cache so that the next time the object is referenced, it’s already loaded and doesn’t need to be retrieved from the server again.
From the visitor’s side, the browser caches these objects. This can save a lot of time by making it unnecessary to reload the object from the server, download it to the browser and then display it. You have probably been asked to “clear your browser cache” on more than one occasion. Without going into excruciating detail, this simply clears out all objects from the cache and forces them to be reloaded from the web server. This ensures that you have the latest version of each object displayed on the web page.
So, What’s The Problem?
The problem found in WP Super Cache is a cross-site scripting vulnerability. This simply means that it’s possible for an attacker to inject malicious code into pages created by the plugin when it displays information. While it would take some doing to accomplish it, the fact that it’s possible makes it a serious security flaw.
If you use this plugin, be sure it’s at version 1.4.4.
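If you look after more than one WordPress site, the version check can be scripted. The following is an added example, not code from the plugin or its authors: it assumes the plugin sits in its usual wp-content/plugins/wp-super-cache folder with wp-cache.php as its main file, and the function names and sample sites are made up for illustration.

```python
import re
import tempfile
from pathlib import Path

FIXED = (1, 4, 4)  # first patched WP Super Cache release, per the alert above
# WordPress-style plugin header line, e.g. " * Version: 1.4.2"
HEADER = re.compile(r"^[ \t/*#@]*Version:[ \t]*(\S+)", re.M | re.I)


def parse_version(text):
    """'1.4' -> (1, 4, 0); '1.4.10' -> (1, 4, 10), so 1.4.10 sorts after 1.4.4."""
    nums = [int(n) for n in re.findall(r"\d+", text)][:3]
    return tuple(nums + [0] * (3 - len(nums)))


def audit(root):
    """Return {plugin dir: (version, status)} for every copy found under root."""
    report = {}
    for main in sorted(Path(root).rglob("wp-cache.php")):
        if main.parent.name != "wp-super-cache":
            continue  # a different plugin that happens to use the same file name
        # WordPress itself only reads the first 8 KB of a file for headers.
        head = main.read_bytes()[:8192].decode("utf-8", "replace")
        m = HEADER.search(head)
        if not m:
            report[str(main.parent)] = (None, "unknown")
            continue
        status = "patched" if parse_version(m.group(1)) >= FIXED else "vulnerable"
        report[str(main.parent)] = (m.group(1), status)
    return report


def build_demo(root, versions):
    """Create constructed sample sites: {site name: version string or None}."""
    for site, ver in versions.items():
        d = Path(root, site, "wp-content", "plugins", "wp-super-cache")
        d.mkdir(parents=True)
        header = f" * Version: {ver}\n" if ver else ""
        (d / "wp-cache.php").write_text(
            "<?php\n/*\n * Plugin Name: WP Super Cache\n" + header + " */\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_demo(tmp, {"shop": "1.4.2", "blog": "1.4.4", "old": "1.4", "new": "1.4.10"})
        for path, (ver, status) in audit(tmp).items():
            print(f"{status:10} {ver}  {path}")
```

Point `audit()` at the folder that holds your sites; anything reported as "vulnerable" or "unknown" should be updated or checked by hand.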
Laptop image courtesy of Stuart Miles on FreeDigitalPhotos.net