Skip to content

Android Tutorial Station

Vulnerability in WordPress cache plugins

Recently, a serious vulnerability has been discovered in WordPress cache plugins including the famous WP Super Cache (vulnerable version 1.2 and lower) and W3 Total Cache (vulnerable version and lower).

If you are reading this article and you have a vulnerable version of WordPress cache plugins, update it immediately!

How does vulnerability work in WordPress cache plugins?

To begin with, we must comment that it is a vulnerability of the type “ Remote Code Execution Vulnerability ” or in other words that allows code execution on our server , which opens the doors to hackers to access our server and steal information Or do some destruction.

The failure is generated because the cache plugins allow to establish parts of the code as dynamic so as not to be cached, in all of them the mfunc function is used that allows to include PHP code and that is not cached but executed, then the PHP code is entered in a comment and this is executed, for example:

  <!–mfunc echo PHP_VERSION; –><!–/mfunc–> 

In WP Super Cache there were also two other functions to mark the content as dynamic and to be able to execute code that were dynamic-cached-content and mclude , whose use is:

  <!--dynamic-cached-content--><?php include_once( ABSPATH . '/scripts/adverts.php' ); print_sidebar_ad(); do_more_stuff(); ?><!-- include_once( ABSPATH . '/scripts/adverts.php' ); print_sidebar_ad(); do_more_stuff(); --><!--/dynamic-cached-content--> 

This code includes the adverts.php file and executes the functions print_sidebar_ad() and do_more_stuff() .

  <!--mclude file.php--> <?php include_once( ABSPATH . 'file.php' ); ?> <!--/mclude--> 

This code includes the file.php file.

How to protect yourself from vulnerability in WordPress cache plugins?

The first thing is to update the cache plugin to its latest version immediately. The updated versions bring the vulnerable functions that allow code injection completely disabled, so this step should be sufficient.

To check if our blog is vulnerable we can enter in a comment:

  <!–mfunc echo PHP_VERSION; –><!–/mfunc–> 

If after posting the comment we see that the PHP version is displayed, our blog is vulnerable.

In short, keep the plugins up to date and you won’t have problems .

No comments yet.

Leave a Reply

Your email address will not be published.

Comments (0)