- Remote Code Execution (RCE) Vulnerability
- Authenticated Remote Code Execution Vulnerability
- Patch was released update immediately
Automattic has discovered a vulnerability in WP Super Cache. The vulnerability could allow a hacker to upload and execute malicious code, usually with the intent to gain control of the site.
Remote Code Execution (RCE) Vulnerability
A bug was announced today that exposes WP Super Cache users to an authenticated remote code execution (RCE) vulnerability.
Remote Code Execution is an exploit that allows an attacker to exploit a bug that allows them to upload and execute malicious code.
Read on below
The usual intent is to upload and run PHP code that will then allow you to install backdoors, access and make changes to the database, and gain control of the site at the administrator level.
Once an attacker has administrative-level control, the site is effectively under their control.
According to the glossary published on Wordfence.com, this is the definition of remote code execution
“Remote Code Execution (RCE) occurs when an attacker can upload and execute code on your website.
A bug in a PHP application can accept user input and evaluate it as PHP code. For example, this could allow an attacker to instruct the website to create a new file of code that would give the attacker full access to your website.
If an attacker submitted code to your web application and executed it and allowed the attacker access, they were exploiting an RCE vulnerability. This is a very serious vulnerability because it is typically easy to exploit and would allow an attacker full access as soon as it is exploited. "
Read on below
Authenticated Remote Code Execution Vulnerability
WP Super Cache contains a variant of the RCE exploit known as Authenticated Remote Code Execution.
An authenticated remote code execution vulnerability is an attack that would require the attacker to first register with the site.
The registration level required depends on the specific vulnerability and can vary.
Sometimes it has to be a registered user with editing rights. In the worst case, the attacker only needs the lowest level of registration, e.g. B. a subscriber level.
No details have been released as to what type of authentication is required for the exploit.
This is the additional detail that was revealed:
"Authenticated Remote Code Execution (RCE) Vulnerability (Settings Page) Detected …"
Patch was released update immediately
Automattic, the developer of WP Super Cache, has updated the software. Publishers using the plugin should consider upgrading to the latest version 1.7.2.
Each software manufacturer publishes a change log that tells users what is in an update so they know why the software is being updated.
According to the changelog for WP Super Cache version 1.7.2:
"Authenticated RCE on the settings page has been fixed."
If the software is not updated, some publishers may be exposed to undesired intrusion.
WordPress WP Super Cache Plugin <= 1.7.1 – Vulnerability in RCE (Authenticated Remote Code Execution)
WP Super Cache Changelog