WP Fastest Cache plugin bug exposes 600K WordPress sites to attacks


Unauthorized attackers may be able to access the site’s database contents due to a SQL injection vulnerability in the WordPress plugin WP Fastest Cache.

A caching plugin called WP Fastest Cache is used to enhance user experience, accelerate page loading, and raise the website’s Google search engine rating. Statistics from WordPress.org show that over a million websites use it.Automattic’s WPScan team revealed today the specifics of a SQL injection vulnerability that affects all plugin versions prior to 1.2.2. The vulnerability is identified as CVE-2023-6063 and has a high severity level of 8.6.

Vulnerabilities related to SQL injection arise when programs take in input that directly modifies SQL queries. This can result in the execution of arbitrary SQL code that can extract confidential data or carry out commands.

Read More…