A popular WordPress plugin has been found to contain a high-severity vulnerability. This is Edwin Kwan from Sydney, Australia. The popular WordPress plugin WP Fastest Cache has been found to be vulnerable to SQL injection. This could potentially allow attackers to read the contents of the website’s database. The plugin provides caching functionality to speed up page loads, improve visitor experience, and boost the site’s ranking on Google search. The plugin is used by over a million websites. The SQL injection vulnerability, which is tracked as CVE-2023-6063, has a severity score of 8.6 and affects plugin versions 1.2.1 and below. There are currently more than 600K websites that are using the vulnerable version and are potentially exposed to the vulnerability. The vulnerability has been fixed in version 1.2.2. WPScan will be releasing a proof-of-concept exploit on November 27, 2023, and all users of the plugin are strongly recommended to upgrade to the latest version as soon as possible.

This segment was created for the It’s 5:05 podcast