Securi has announced a vulnerability in the WordPress Plugin WP Super Cache which is used by many WordPress sites.
Quote:
|
...we discovered a dangerous Persistent XSS vulnerability affecting the very popular WP-Super-Cache plugin (more than a million active installs according to wordpress.org). The security issue, as well as another bug-fix that was included in the issue’s original patch, are fixed in version 1.4.4.
|
http://blog.sucuri.net/2015/04/secur...per-cache.html
Apparently WP Super cache was updated a few days ago to version 1.4.3 however that update contained a bug and Version 1.4.4 was released to address both the bug introduced with the 1.4.3 update and the XSS vulnerability.
If you are using the WP Super Cache Plugin you will want to immediately upgrade the plugin or disable if unable to upgrade immediatelty.
https://wordpress.org/plugins/wp-super-cache/
As always FutureQuest encourages anyone running any scripts, such as
WordPress, to ensure they maintain the most up to date version and install
any patches released to reduce the chances of a compromise of your site.
This also includes any plugins, addons and themes...
It is always best to subscribe to any Security or Update mailing list provided
by the Authors of the script(s) you are running.
The FutureQuest Team