Heads up, WordPress admins! Make sure to update your websites with the latest WP Fastest Cache plugin release as it addresses some serious vulnerabilities.
WP Fastest Cache Plugin Vulnerabilities
Researchers from Jetpack have shared details about multiple vulnerabilities that they found in the WP Fastest Cache plugin. It's a popular caching plugin, boasting over 1 million active installations, that speeds up websites by shortening page load times.
As elaborated in their blog post, the researchers spotted two different security bugs in the plugin.
One of these is an SQL injection vulnerability (CVE-2021-24869). Rated with a CVSS score of 7.7, this vulnerability would allow an authenticated adversary to read sensitive data from the target site's database, including usernames and password hashes.
The other vulnerability, CVE-2021-24869, is a critical stored XSS via CSRF vulnerability that received a CVSS score of 9.6. Because the plugin's privilege checks did not verify that the request was actually intended by the user (no nonce check), an adversary could trick a logged-in administrator's browser into performing any action the plugin exposes. Hence, an adversary could even store malicious JavaScript on the site.
Describing the details of this issue, the researchers stated,
"The CdnWPFC::save_cdn_integration() method is used by the wp_ajax_wpfc_save_cdn_integration AJAX action to set-up CDN-specific options. While it did perform privilege checks like current_user_can() to ensure whoever sent that request is allowed to change those settings, it did not validate that they intended to, which is what nonce checks do."
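To make the distinction between a privilege check and an intent check concrete, here is an added example of a hypothetical admin-ajax handler written for this article; it is not code from WP Fastest Cache or from Jetpack, and every hook, option and function name beginning with example_ is invented. The first handler shows the pattern the researchers describe (a capability check with no nonce), the second adds the nonce check and validates the value before storing it, and the enqueue function shows where the nonce handed to the settings page comes from.

```php
<?php
/**
 * Added example for a hypothetical plugin "example-cdn" (not WP Fastest Cache's
 * code). All example_* names and the option/hook names are invented.
 */

// --- Vulnerable pattern: authorization only, no intent verification ---
add_action( 'wp_ajax_example_cdn_save_vulnerable', 'example_cdn_save_vulnerable' );
function example_cdn_save_vulnerable() {
    // current_user_can() answers "is this user allowed?". That blocks an
    // anonymous caller, but a forged request issued by the logged-in
    // administrator's own browser still carries the admin's cookies, so it
    // passes this check and the unvalidated value is stored.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    update_option( 'example_cdn_url', wp_unslash( $_POST['cdn_url'] ?? '' ) );
    wp_send_json_success();
}

// --- Hardened pattern: nonce (intent) check plus capability check ---
add_action( 'wp_ajax_example_cdn_save', 'example_cdn_save' );
function example_cdn_save() {
    // check_ajax_referer() verifies a nonce bound to the current user and the
    // action name. A cross-site page cannot read the nonce, so a forged request
    // fails here. With the default third argument it dies on failure.
    check_ajax_referer( 'example_cdn_save', 'nonce' );

    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // Sanitize before storing: an option that is later printed in the admin
    // must never hold arbitrary markup.
    $cdn_url = esc_url_raw( wp_unslash( $_POST['cdn_url'] ?? '' ) );
    if ( '' === $cdn_url ) {
        wp_send_json_error( 'invalid url', 400 );
    }
    update_option( 'example_cdn_url', $cdn_url );
    wp_send_json_success( array( 'cdn_url' => $cdn_url ) );
}

// --- Escape on output as well, so a stored value cannot become script ---
function example_cdn_render_field() {
    $cdn_url = get_option( 'example_cdn_url', '' );
    echo '<input type="url" name="cdn_url" value="' . esc_attr( $cdn_url ) . '">';
}

// --- Issuing the nonce to the settings page's script ---
add_action( 'admin_enqueue_scripts', 'example_cdn_enqueue' );
function example_cdn_enqueue( $hook ) {
    // Only load on our own settings page (hook suffix is hypothetical).
    if ( 'settings_page_example-cdn' !== $hook ) {
        return;
    }
    wp_enqueue_script( 'example-cdn-admin', plugins_url( 'admin.js', __FILE__ ), array( 'jquery' ), '1.0', true );
    // admin.js reads exampleCdn.nonce and sends it as the "nonce" POST field
    // together with action=example_cdn_save to admin-ajax.php.
    wp_localize_script( 'example-cdn-admin', 'exampleCdn', array(
        'ajaxUrl' => admin_url( 'admin-ajax.php' ),
        'nonce'   => wp_create_nonce( 'example_cdn_save' ),
    ) );
}
```

The two checks answer different questions: current_user_can() asks whether the account may change the setting, while check_ajax_referer() asks whether this particular request came from a page that WordPress itself served to that user. A handler reachable through admin-ajax.php needs both, and any value it stores should be sanitized on the way in and escaped on the way out.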
Vendors Patched The Bugs
Upon discovering the vulnerabilities, Jetpack informed the developers about the matter. According to the researchers, the authors initially hesitated to acknowledge the CSRF. However, they recognized the flaw after the researchers provided them with a proof of concept.
Consequently, they patched the bugs and released the fixes in WP Fastest Cache version 0.9.5. All WordPress site owners running this plugin should update to that version or later to remain protected.