+44 0330 223 3428
Call Us
+44 0330 223 3428

WPTavern: WP Super Cache 1.4.9 Patches Multiple XSS Vulnerabilities

WPTavern: WP Super Cache 1.4.9 Patches Multiple XSS Vulnerabilities

WP Super Cache is a nearly 10-year-old plugin that is maintained by Donncha Ó Caoimh and is actively installed on more than a million sites. Releases have been far and few between, but Caoimh has released WP Super Cache 1.4.9 that patches cross-site-scripting vulnerabilities on the settings page.

“Those pages are only accessible by admin users so an anonymous visitor to your site can’t come along and enable it to steal your login cookies but along with those fixes come many bug fixes so it’s worth upgrading if you’re using an old version,” Caoimh said.

In addition to patching security vulnerabilities, this release also contains a number of bug fixes. There’s also a fix in this version for those who host a lot of sites that use WP Super Cache and are running into issues with semaphores due to the possibility of users using file locking.

If you’re running into this issue and need to disable file locking completely, Caoimh suggests setting the WPSC_DISABLE_LOCKING constant in a global config file. “The file locking simply slowed down how fast cache files were created and is a hold-over from WP Cache when that plugin used to write directly to the cache files,” Caoimh said.

“This plugin writes to temporary files before moving to the final cache files so that locking isn’t really needed, but some sites still use it which is why it’s still around.”

Caoimh is already hard at work on the next version of WP Super Cache with an effort towards moving legacy cache files into supercache directories. This will improve performance and make the files easier to maintain.

Users are encouraged to update to 1.4.9 as soon as possible. To see a detailed list of changes and bug fixes, visit the plugin’s changelog.



Source: WordPress

Related Post
Matt: On React and WordPress

Matt: On React and WordPress Big companies like to bury unpleasant news on Fridays: A few weeks ago, Facebook announced they have decided to dig in on their patent clause addition to the React license, even after Apache had said it’s no longer allowed for Apache.org projects. In their words, removing the patent clause would […]

Read more
WPTavern: First WordCamp Dublin Set for October 14-15

WPTavern: First WordCamp Dublin Set for October 14-15 photo credit: Ireland.com Following up on the success of WordCamp Belfast last October, the WordPress community in Dublin will be hosting its first WordCamp October 14-15. Both camps began the early stages of planning last year and the two communities have shared some of the same organizers […]

Read more
WPTavern: GitHub Partners with Facebook to Release Atom-IDE

WPTavern: GitHub Partners with Facebook to Release Atom-IDE GitHub announced the launch of Atom-IDE this week, a new set of packages that extend its open source JavaScript-powered code editor to include IDE-like functionality. This first release includes packages that support TypeScript, Flow, JavaScript, Java, C#, and PHP. “The start of this journey includes smarter context-aware […]

Read more

Leave a Reply

Your email address will not be published.