A critical vulnerability in a popular WordPress plugin, WP Fastest Cache, has left over 600,000 websites susceptible to cyberattacks.
The plugin’s flaw, identified as CVE-2023-6063, allows unauthorized individuals to inject malicious code into the website’s database, potentially gaining access to sensitive information or even taking control of the site.
The WPScan team from Automattic disclosed the details of an SQL injection vulnerability, tracked as CVE-2023-6063, and with a high-severity score of 8.6, impacting all versions of the plugin before 1.2.2.
SQL injection vulnerabilities occur when software accepts input that directly manipulates SQL queries, leading to running arbitrary SQL code that retrieves private information or command execution.
In this case, the flaw impacts the ‘is_user_admin’ function of the ‘WpFastestCacheCreateCache’ class within the WP Fastest Cache plugin, which is intended to check if a user is an administrator by extracting the ‘$username’ value from cookies.
Because the ‘$username’ input isn’t sanitized, an attacker may manipulate this cookie value to alter the SQL query executes by the plugin, leading to unauthorized access to the database.
WordPress databases typically include sensitive information like user data (IP addresses, emails, IDs), account passwords, plugin and theme configuration settings, and other data necessary for the site’s functions.
WPScan will release a proof-of-concept (PoC) exploit for CVE-2023-6063 on November 27, 2023, but it should be noted that the vulnerability isn’t a complex one and hackers can figure out how to exploit it.
A fix has been made available by the WP Fastest Cache developer in version 1.2.2, released yesterday. All users of the plugin are recommended to upgrade to the latest version as soon as possible.
