"WP Fastest Cache Plugin Bug Exposes 600K WordPress Sites to Attacks"

It has recently been discovered that the WordPress plugin WP Fastest Cache is vulnerable to an SQL injection vulnerability that could allow unauthenticated attackers to read the contents of the site’s database.  WP Fastest Cache is a caching plugin used to speed up page loads, improve visitor experience, and boost the site’s ranking on Google search.  According to WordPress.org stats, it is used by more than a million sites.  Download statistics from WordPress.org show that more than 600,000 websites still run a vulnerable version of the plugin and are exposed to potential attacks.  Security researchers at WPScan disclosed the details of the SQL injection vulnerability, tracked as CVE-2023-6063.  The vulnerability has a high severity score of 8.6 and impacts all versions of the plugin before 1.2.2.  A fix has been made available by the WP Fastest Cache developer in version 1.2.2, released yesterday.  All users of the plugin are recommended to upgrade to the latest version as soon as possible.

BleepingComputer reports: "WP Fastest Cache Plugin Bug Exposes 600K WordPress Sites to Attacks"