Most people would love to see Web pages load faster, but security experts are warning that a vulnerability in a WordPress plugin designed to speed up page load times could let cybercriminals hack their way in and even add new administrators for more than 1 million sites.

In a widely cited blog post from Sucuri, a researcher says a popular tool called WP Super Cache could be exploited to create special requests to inject scripts with malware into a site and perform a variety of functions. This particular WordPress plugin vulnerability is a big deal because in theory, WP Super Cache speeds up site performance by generating static HTML pages to process and load pages.

As Ars Technica explained, cross-site scripting (XSS) attacks are fairly easy to do in this kind of situation because cybercriminals could merely look at the cache file key to find information they need and add malicious commands. The fallout could include back doors by making use of tools associated with many WordPress themes.

Fortunately, all that’s necessary to fend off the threat is an upgrade to Version 1.4.4 of WP Super Cache, Computerworld reported. That means a lot of upgrading, though, since the plugin has already estimated to have been downloaded more than 130,000 times in just the past week. The tool is also popular because it helps sites perform well during periods of heavy site traffic and helps display pages on social media sites such as Digg.

However, authorities aren’t leaving it up to security vendors to spread the word. The FBI has already issued a warning that supporters of the Islamic State group, among other groups, might be targeting a number of WordPress sites already. As SC Magazine noted, the FBI advisory did not mention the WP Super Cache WordPress plugin vulnerability, but it’s coincidental that it was discovered on the same day the advisory went out.

Although cybercriminals are always looking for new ways to penetrate online security systems, an article on The Register referred to the WP Super Cache problem as just one of many WordPress issues that have cropped up. This is all the more reason for those using the platform to be more vigilant about patching as regularly as possible. In fact, depending on how much worse these site attacks become, waiting a few extra seconds for a page to load might not seem so bad after all.

Image Source: iStock

More from

LastPass Breaches Cast Doubt on Password Manager Safety

In 2022, LastPass suffered a string of security breaches which sparked concern among cyber professionals and those impacted by the intrusions. Some called into question the way LastPass handled and responded to the incident. In addition, the situation ignited a wider conversation about the risks linked to utilizing password managers.A password manager helps users generate strong passwords and safeguards them within a digital locker. A master password secures all data, which enables users to conveniently access all their passwords for…

The Role of Finance Departments in Cybersecurity

Consumers are becoming more aware of the data companies collect about them, and place high importance on data security and privacy. Though consumers aren’t aware of every data breach, they are justifiably concerned about what happens to the data companies collect. A recent study of consumer views on data privacy and security revealed consumers are more careful about sharing data. The majority of respondents (87%) say they wouldn’t do business with companies that appear to have weak security. Study participants also…

The One Place IT Budget Cuts Can’t Touch: Cybersecurity

If IT spending is slowing, will business leaders follow a similar approach for cybersecurity budgets? Probably not. Gartner predicts that end-user spending on both security technology and services will see an annual growth rate of 11% over the next four years. And the market is anticipated to reach $267.3 billion in 2026. Many security professionals agree that security spending cuts aren’t likely. Given the current threat landscape, strong security has quickly become a business imperative. Security has become the highest…

2022 Industry Threat Recap: Manufacturing

It seems like yesterday that industries were fumbling to understand the threats posed by post-pandemic economic and technological changes. While every disruption provides opportunities for positive change, it's hard to ignore the impact that global supply chains, rising labor costs, digital currency and environmental regulations have had on commerce worldwide. Many sectors are starting to see the light at the end of the tunnel. But 2022 has shown us that manufacturing still faces some dark clouds ahead when combatting persistent…