WP Fastest Cache plugin bug exposes 600K WordPress sites to attacks

November 14, 2023 at 06:34PM

The WordPress plugin WP Fastest Cache has an SQL injection vulnerability that could allow attackers to access the site’s database. Over 600,000 websites are still using a vulnerable version of the plugin. The vulnerability affects all versions before 1.2.2. An exploit will be released on November 27, 2023, and users are advised to update to version 1.2.2 to fix the issue.

Key Points from Meeting Notes:

– The WordPress plugin WP Fastest Cache is affected by an SQL injection vulnerability.
– The vulnerability allows unauthenticated attackers to read the contents of the site’s database.
– WP Fastest Cache is a popular caching plugin used to speed up page loads and improve user experience.
– Over 600,000 websites are still running a vulnerable version of the plugin.
– The vulnerability is tracked as CVE-2023-6063 and has a high-severity score of 8.6.
– The flaw affects the ‘is_user_admin’ function of the ‘WpFastestCacheCreateCache’ class within the plugin.
– By manipulating the ‘username’ value in cookies, an attacker can gain unauthorized access to the database.
– WordPress databases contain sensitive information like user data, passwords, and configuration settings.
– WPScan will release a proof-of-concept exploit for the vulnerability on November 27, 2023.
– A fix has been released in version 1.2.2 of the WP Fastest Cache plugin, and all users are advised to update.
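
To act on the version cutoff above across many hosted sites, the installed plugin version can be read from disk and compared with 1.2.2. This is an added example, not code from the article or the plugin; the install directory name `wp-fastest-cache`, the function names and the sample tree are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

FIXED = (1, 2, 2)                # first fixed release, per the article
PLUGIN_DIR = "wp-fastest-cache"  # assumed install directory name
HEADER_RE = re.compile(r"^[ \t/*#@]*Version:\s*([0-9]+(?:\.[0-9]+)*)", re.I | re.M)


def parse_version(text):
    """Return the plugin header version as a tuple of ints, or None."""
    m = HEADER_RE.search(text)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None


def is_vulnerable(version):
    """True for any version before 1.2.2; short versions are zero-padded."""
    padded = version + (0,) * (len(FIXED) - len(version))
    return padded < FIXED


def audit(root):
    """Find installed copies under root; return (path, version, status)."""
    findings = []
    for plugin in sorted(Path(root).glob(f"**/wp-content/plugins/{PLUGIN_DIR}")):
        version = None
        for php in sorted(plugin.glob("*.php")):
            # WordPress reads plugin headers from the first 8 KB of the file.
            version = parse_version(php.read_text(errors="replace")[:8192])
            if version:
                break
        if version is None:
            status = "unknown"  # no header found: inspect by hand
        else:
            status = "vulnerable" if is_vulnerable(version) else "patched"
        findings.append((str(plugin), version, status))
    return findings


def build_sample_tree(root):
    """Constructed sample: two sites with made-up plugin header files."""
    for site, ver in (("site-a", "1.2.1"), ("site-b", "1.2.2")):
        d = Path(root) / site / "wp-content" / "plugins" / PLUGIN_DIR
        d.mkdir(parents=True)
        (d / "plugin.php").write_text(
            f"<?php\n/*\nPlugin Name: WP Fastest Cache\nVersion: {ver}\n*/\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for path, version, status in audit(tmp):
            print(status, version, path)
```

Point `audit()` at the directory that holds the site roots; a status of `unknown` means no version header was found and the install needs manual inspection.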
