WP Fastest Cache Plugin Exposes Over 600K+ WordPress Sites to SQL Injection Attacks

In a recent development, the WPScan team has unearthed a significant security flaw within the widely-used WP Fastest Cache plugin. 

This vulnerability, categorized as an unauthenticated SQL injection, could potentially grant unauthorized access to sensitive data in the WordPress database.

EHA

The vulnerability, identified as CVE-2023-6063, affects versions of WP Fastest Cache lower than 1.2.2. 

Upon making this discovery during an internal review, the team at WPScan acted swiftly to inform the plugin’s development team. 

In response, the developers promptly released version 1.2.2 to address and rectify the issue.

Examining the vulnerability

The crux of the vulnerability lies in the is_user_admin function of the WpFastestCacheCreateCache class, which is susceptible to SQL injection. 

This function is invoked from the createCache function, presenting a potential entry point for malicious actors.

Document
Protect Your Storage With SafeGuard

Is Your Storage & Backup Systems Fully Protected? – Watch 40-second Tour of SafeGuard

StorageGuard scans, detects, and fixes security misconfigurations and vulnerabilities across hundreds of storage and backup devices.

Notably, the vulnerability is aggravated by the fact that the function is executed at plugin load time before the application’s data is sanitized by wp_magic_quotes().

To exploit this vulnerability, an unauthenticated attacker could manipulate the $username variable, obtained from a specific cookie, to inject a time-based blind SQL payload. 

This could, in turn, lead to the extraction of sensitive information from the WordPress database.

Mitigation

Administrators utilizing WP Fastest Cache must take immediate action by updating their installations to version 1.2.2. 

This update serves as a crucial safeguard against potential exploitation of the identified vulnerability.

WPScan plans to publish an entry on Nov. 27, 2023, for further details and proof-of-concept illustrating this security concern. 

Website administrators and users alike are advised to stay vigilant and informed about the latest security updates to ensure the integrity and security of their WordPress installations.

Patch Manager Plus, the one-stop solution for automated updates of over 850 third-party applications: Try Free Trial.

Guru Baran
https://cybersecuritynews.com
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.