WP Super Cache 1.4.5 Patches XSS Vulnerability

If you use WP Super Cache to speed up your site, update to the latest version as soon as possible to patch critical security holes. The latest v1.4.5 update fixes a XXS vulnerability and prevents PHP object injections, among other bug fixes and enhancements. Here’s the complete changelog:

  • Enhancement: Only preload public post types. Props webaware.
  • Added an uninstall function that deletes the config file. Deactivate function doesn’t delete it any more.
  • Possible to deactivate the plugin without visiting the settings page now.
  • Fixed the cache rebuild system. Rebuild files now survive longer than the request that generate them.
  • Minor optimisations: prune_super_cache() exits immediately if the file doesn’t exist. The output of wp_cache_get_cookies_values() is now cached.
  • Added PHP pid to the debug log to aid debugging.
  • Various small bug fixes.
  • Fixed reset of expiry time and GC settings when updating advanced settings.
  • Removed CacheMeta class to avoid APC errors. It’s not used any more.
  • Fixed reset of advanced settings when using “easy” settings page.
  • Fixed XSS in settings page.
  • Hide cache files when servers display directory indexes.
  • Prevent PHP object injection through use of serialize().

Again, update this plugin as soon as possible.

Leave a Reply

Your email address will not be published. Required fields are marked *

See if Cinch is right for you.

Ask us anything. Seriously. Like, what is the air speed velocity of an unladen swallow?

Start a chat right now

Or go ahead and Sign up now