In September 2021, security researchers at Jetpack discovered two critical vulnerabilities in a previous version of the popular WordPress plugin WP Fastest Cache after performing an in-depth code audit. This plugin creates a static, HTML version of the WordPress user’s website, and was developed to help WordPress site owners improve their site’s security performance.
Ironically enough, for a short period of time security performance was impacted on some sites with the plugin installed. Attackers taking advantage of these newfound vulnerabilities could gain full, unmitigated administrator privileges on any WordPress site with the Classic Editor plugin installed, allowing them to do anything an authorized admin could do.
Although the vulnerabilities have since been fixed, the WP Fastest Cache plugin has been downloaded and installed onto WordPress sites over one million times—there’s no telling how many installations have yet to be updated.
The WP Fastest Cache vulnerabilities include:
These vulnerabilities affect site owners, and especially their users, by letting attackers steal and intercept critical information such as usernames, passwords, credit card information, and much more. Essentially, for sites that are exposed to these two vulnerabilities due to an outdated installation of WP Fastest Cache, attackers would be able to perform any action a logged-in administrator of that site is allowed to do.
After Jetpack contacted the plugin developer about the existence of the vulnerability on September 28, and their development team received a second opinion from the WordPress plugin team in early October, the developer released an update designed to fix the issues for any and all WP Fastest Cache users on October 11.
Keeping any plugins you have installed on your WordPress site updated with the latest versions ensures the site will remain as secure as possible. Many plugin developers are responsive to newly discovered vulnerabilities and exploits against their plugins and will release updates to address any and all issues found. Site owners using the WP Fastest Cache plugin for WordPress should immediately update their installation to the latest version—0.9.5 as of this writing—to protect their site against these newly discovered vulnerabilities.
Before you install a plugin, be sure to check what others are saying about it—particularly with regard to how secure it is. Regularly perform audits of the plugins you have previously installed and remove those you’re not using to mitigate potential security risks. Finally, make sure plugins you want to continue using are always updated to keep your device and your data as secure as possible.
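One way to run the plugin audit described above on a server, as an added example rather than code from Jetpack, SiteLock or the plugin's developer: it reads the standard WordPress plugin header from each installed plugin and flags WP Fastest Cache copies older than 0.9.5. It assumes the plugin's header name matches the name used in this article; the directory tree built in `demo()` is constructed sample data.

```python
import re
import tempfile
from pathlib import Path

# Assumptions: the header "Plugin Name" matches the name used in the article,
# and 0.9.5 (the version the article says to update to) is the minimum to accept.
MINIMUMS = {"wp fastest cache": "0.9.5"}
# WordPress plugin headers are "Field: value" lines inside the file's leading comment.
HEADER = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.*?)[ \t\r]*$", re.I | re.M)

def is_older(version, floor):
    """Numeric compare of dotted versions, padded so 0.9.5 equals 0.9.5.0."""
    a, b = ([int(x) if x.isdigit() else 0 for x in v.split(".")] for v in (version, floor))
    width = max(len(a), len(b))
    return a + [0] * (width - len(a)) < b + [0] * (width - len(b))

def read_header(plugin_dir):
    """Return (name, version) from the first top-level PHP file with a plugin header."""
    for php in sorted(Path(plugin_dir).glob("*.php")):
        head = php.read_text(errors="replace")[:8192]  # headers sit at the top of the file
        fields = {k.lower(): v for k, v in HEADER.findall(head)}
        if "plugin name" in fields:
            return fields["plugin name"], fields.get("version") or None
    return None, None

def audit(plugins_root, minimums=MINIMUMS):
    """List (directory, version, status) for each installed plugin with a known minimum."""
    findings = []
    for d in sorted(p for p in Path(plugins_root).iterdir() if p.is_dir()):
        name, version = read_header(d)
        floor = minimums.get((name or "").lower())
        if floor is not None:
            status = "UNKNOWN" if version is None else "OUTDATED" if is_older(version, floor) else "OK"
            findings.append((d.name, version, status))
    return findings

def demo():
    """Run the audit over a constructed plugins directory (not real plugin files)."""
    with tempfile.TemporaryDirectory() as root:
        sample = {"site-a-cache": ("WP Fastest Cache", "0.9.4"), "unrelated": ("Some Other Plugin", "1.0"),
                  "site-b-cache": ("WP Fastest Cache", "0.9.5")}
        for folder, (name, ver) in sample.items():
            (Path(root) / folder).mkdir()
            (Path(root) / folder / "main.php").write_text(
                f"<?php\n/*\nPlugin Name: {name}\nVersion: {ver}\n*/\n")
        return audit(root)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

On a real server, pass the site's `wp-content/plugins` directory to `audit()`; an `UNKNOWN` status means the header carried no version and the copy needs a manual check.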
SiteLock helps site owners secure their websites by quickly finding and fixing existing and potential threats and vulnerabilities. Equipped with strong security tools and solutions, our team of experts scan websites, patch vulnerabilities, remove malware, and more for top-tier clients who use and depend on web platforms such as WordPress, Joomla, Magento and more.
Here’s how SiteLock can help defend your website against modern cyberthreats:
There will always be new vulnerabilities exposed by curious programmers and malicious actors alike—make sure to stay informed and stay updated. Learn more about how SiteLock can secure your website with best-in-class, automatic website threat protection.