Wordpress Wordpress Super Cache plugin users Update for security fix !

eva2000 · Apr 8, 2015

Ouch all Wordpress Super Cache Plugin users need to update their plugin for security fix As many as 1 million sites imperiled by dangerous bug in WordPress plugin | Ars Technica

As many as a million websites could be imperiled by a critical vulnerability recently discovered in WP-Super-Cache, a WordPress plugin that generates static HTML files from dynamic WordPress blogs.

The persistent cross-site scripting bug allows attackers to insert malicious code into WordPress-published pages that use the extension, according to a blog post published Tuesday by security firm Sucuri. Anyone who relies on the plug in should immediately upgrade to version 1.4.4, which has fixes for that bug and several others.

Sucuri researcher Marc-Alexandre Montpas wrote:

Using this vulnerability, an attacker using a carefully crafted query could insert malicious scripts to the plugin’s cached file listing page. As this page requires a valid nonce in order to be displayed, a successful exploitation would require the site’s administrator to have a look at that particular section, manually.

When executed, the injected scripts could be used to perform a lot of other things like adding a new administrator account to the site, injecting backdoors by using WordPress theme edition tools, etc
Click to expand...

.
The bug lies in the way WP-Super-Cache displays information stored in the cache file key. In vulnerable versions, user-supplied data was appended to the page contents without being scrubbed clean of any potentially malicious commands.
Click to expand...

If you used wp-cli addon tool to update or install Wordpress Centmin Mod Addons for Menu based Nginx installer for CentOS servers you can easily update your plugins via these commands run within your wordpress install directory

If wordpress installed at /home/nginx/domains/newdomain2.com/public/, change to wordpress install directory. Then check wp-cli tool for updates, then check all wordpress plugin status (U will be marked on plugins that have updates available) and then update all plugins.
Code:
cd /home/nginx/domains/newdomain2.com/public/
wp cli update --allow-root
wp plugin status --allow-root
wp plugin update --all --allow-root
or to update an individual wordpress plugin, i.e. backupwordpress specify it on wp plugin update
Code:
wp plugin update backupwordpress --allow-root  

Downloading update from https://downloads.wordpress.org/plugin/backupwordpress.3.2.4.zip...
Unpacking the update...
Installing the latest version...
Removing the old version of the plugin...
Plugin updated successfully.
Success: Updated 1/1 plugins.
example of full output
Code:
cd /home/nginx/domains/newdomain2.com/public/
wp cli update --allow-root
Success: WP-CLI is at the latest version
Code:
wp plugin status --allow-root

33 installed plugins:
  A wp-security-scan                4.0.5
  I addthis-smart-layers            1.0.10
  I akismet                         3.1.1
  A autoptimize                     1.9.2
UI backupwordpress                 3.2.2
  I db-cache-reloaded-fix           2.3
  A disable-xml-rpc                 1.0.1
  I go-newrelic                     0.3
  A google-analytics-for-wordpress  5.3.3
  I google-authenticator            0.47
  A gtmetrix-for-wordpress          0.4.1
  I hello                           1.6
  A jetpack                         3.4.1
  A limit-login-attempts            1.7.1
UA no-longer-in-directory          1.0.38
  A p3-profiler                     1.5.3.8
  I query-monitor                   2.7.1
  I recent-tweets-slider            1.0.1
  A rocket-lazy-load                1.0.3
  I search-regex                    1.4.15
  A sucuri-scanner                  1.7.8
  A theme-check                     20141222.1
  A tpc-memory-usage                0.9.1
UA updraftplus                     1.9.60
  I w3-total-cache                  0.9.4.1
UA wordpress-seo                   2.0
  A wp-optimize                     1.8.9.10
UA wp-smushit                      1.7.1
UA wp-super-cache                  1.4.2
  A wp-super-cache-clear-cache-menu 1.3.1
  A wp-updates-notifier             1.4.1
  A wp-widget-cache                 0.26
  M p3-profiler                

Legend: A = Active, I = Inactive, M = Must Use, U = Update Available
Code:
 wp plugin update --all --allow-root

Enabling Maintenance mode...
Downloading update from https://downloads.wordpress.org/plugin/no-longer-in-directory.zip...
Unpacking the update...
Installing the latest version...
Removing the old version of the plugin...
Plugin updated successfully.
Downloading update from https://downloads.wordpress.org/plugin/updraftplus.1.9.63.zip...
Unpacking the update...
Installing the latest version...
Removing the old version of the plugin...
Plugin updated successfully.
Downloading update from https://downloads.wordpress.org/plugin/wordpress-seo.2.0.1.zip...
Unpacking the update...
Installing the latest version...
Removing the old version of the plugin...
Plugin updated successfully.
Downloading update from https://downloads.wordpress.org/plugin/wp-smushit.1.7.1.1.zip...
Unpacking the update...
Installing the latest version...
Removing the old version of the plugin...
Plugin updated successfully.
Downloading update from https://downloads.wordpress.org/plugin/wp-super-cache.1.4.4.zip...
Unpacking the update...
Installing the latest version...
Removing the old version of the plugin...
Plugin updated successfully.
Disabling Maintenance mode...
Success: Updated 5/5 plugins.
FYI, if you want to update Wordpress core and database itself, easy too.
Code:
wp core check-update --allow-root
Success: WordPress is at the latest version.
Code:
wp core verify-checksums --allow-root
Success: WordPress install verifies against checksums.
Code:
wp core update --allow-root          
Success: WordPress is up to date.
Code:
wp core update-db --allow-root
Success: WordPress database upgraded successfully.

eva2000 · Apr 8, 2015

hmm suppose I could write a quick Wordpress WP-CLI update script to run 2 or 3 times a day for auto updates too for Centmin Mod's new centmin.sh menu option 22 which auto installs Wordpress + WP Super Cache and Nginx vhost setup. Edit: added wp plugin auto updater cron to centmin.sh menu option 22 in Centmin Mod .08 beta 02.

Can easily use a shell script to auto update wordpress every 8 hours = 3 times a day if you have WP-CLI addon/tool installed.

change EMAIL and WPINSTALL_DIR variables to your email and your wordpress install directory

save to say /root/tools/wpupdater.sh

Code:

#!/bin/bash
PATH=/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin:/root/bin
EMAIL='[email protected]'
WPINSTALL_DIR='/home/nginx/domains/newdomain2.com/public'

{
cd $WPINSTALL_DIR
echo "$WPINSTALL_DIR"
/usr/bin/wp cli update --allow-root
/usr/bin/wp plugin status --allow-root
/usr/bin/wp plugin update --all --allow-root
} 2>&1 | mail -s "Wordpress WP-CLI Auto Update `date`" $EMAIL

give permissions

Code:

chmod 0700 /root/tools/wpupdater.sh

use crontab -e to add the following cronjob

Code:

0 */8 * * * /root/tools/wpupdater.sh 2>/dev/null

exit crontab and save via CTRL+X

sample email I got

Code:

/home/nginx/domains/newdomain2.com/public
Success: WP-CLI is at the latest version.
33 installed plugins:
  A wp-security-scan                4.0.5
  I addthis-smart-layers            1.0.10
  I akismet                         3.1.1
  A autoptimize                     1.9.2
  I backupwordpress                 3.2.4
  I db-cache-reloaded-fix           2.3
  A disable-xml-rpc                 1.0.1
  I go-newrelic                     0.3
  A google-analytics-for-wordpress  5.3.3
  I google-authenticator            0.47
  A gtmetrix-for-wordpress          0.4.1
  I hello                           1.6
  A jetpack                         3.4.1
  A limit-login-attempts            1.7.1
  A no-longer-in-directory          1.0.39
  A p3-profiler                     1.5.3.8
  I query-monitor                   2.7.1
  I recent-tweets-slider            1.0.1
  A rocket-lazy-load                1.0.3
  I search-regex                    1.4.15
  A sucuri-scanner                  1.7.8
  A theme-check                     20141222.1
  A tpc-memory-usage                0.9.1
  A updraftplus                     1.9.63
  I w3-total-cache                  0.9.4.1
  A wordpress-seo                   2.0.1
  A wp-optimize                     1.8.9.10
  A wp-smushit                      1.7.1.1
  A wp-super-cache                  1.4.4
  A wp-super-cache-clear-cache-menu 1.3.1
  A wp-updates-notifier             1.4.1
  A wp-widget-cache                 0.26
  M p3-profiler

Legend: A = Active, I = Inactive, M = Must Use
Success: Updated 0/0 plugins.

eva2000 · Apr 8, 2015

More info at Vulnerability: Persistent XSS in WP-Super-Cache | Sucuri Blog

Security Risk: Dangerous
Exploitation level: Very Easy/Remote
DREAD Score: 8/10
Vulnerability: Persistent XSS
Patched Version: 1.4.4

During a routine audit for our Website Firewall (WAF), we discovered a dangerous Persistent XSS vulnerability affecting the very popular WP-Super-Cache plugin (more than a million active installs according towordpress.org). The security issue, as well as another bug-fix that was included in the issue’s original patch, are fixed in version 1.4.4.

What are the risks?
Using this vulnerability, an attacker using a carefully crafted query could insert malicious scripts to the plugin’s cached file listing page. As this page requires a valid nonce in order to be displayed, a successful exploitation would require the site’s administrator to have a look at that particular section, manually.

When executed, the injected scripts could be used to perform a lot of other things like adding a new administrator account to the site, injecting backdoors by using WordPress theme edition tools, etc.
Click to expand...

Log in / Register

Forums

Want to subscribe to topics you're interested in?

Wordpress Wordpress Super Cache plugin users Update for security fix !

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

.

Log in / Register

Useful Searches

Want to subscribe to topics you're interested in?

Wordpress Wordpress Super Cache plugin users Update for security fix !

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

.