WordPress WP Super Cache Information Disclosure Scanner
Detects 'Information Disclosure' vulnerability in WordPress WP Super Cache.
Short Info
Level
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 9 days 22 hours
Scan only one: URL
WP Super Cache is a popular caching plugin for WordPress that improves site performance by caching pages. It is commonly used by website owners and administrators who want to increase the speed and efficiency of their WordPress-hosted content. The plugin reduces server load by serving cached HTML files instead of processing heavier PHP scripts. It is widely adopted in the WordPress community for its ease of use and its ability to significantly improve loading times. With a vast number of downloads and active installations, WP Super Cache is considered an essential optimization tool for sites that handle heavy traffic.
The vulnerability detected in the WP Super Cache plugin is an Information Disclosure issue. It is present when the plugin's sensitive files are publicly accessible, which may inadvertently expose server path information. This occurs when certain PHP files are accessed directly and the resulting error messages reveal sensitive system information. The vulnerability primarily affects sites whose WP Super Cache settings are configured insecurely, so that outsiders can reach debugging information they should not see. Information Disclosure issues can pave the way for more severe attacks if they are not fixed.
The technical details of this vulnerability revolve around unsecured access to specific files within the WP Super Cache plugin. Specifically, the files 'ossdl-cdn.php' and 'rest/load.php' in the plugin directory lack the necessary access controls. When requested directly over the web, these files can generate PHP error messages that are visible to the requester. Such messages can reveal sensitive information, such as file paths or server configuration, that would otherwise remain hidden. The vulnerability is triggered by HTTP GET requests to these endpoints, which are not stopped by the normal ABSPATH protection measures. As a result, the returned error messages can compromise confidential site details.
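As an added example (not the scanner's own code), the following Python sketch shows how an asset owner could check responses from the two files for PHP error text that leaks absolute server paths. The plugin directory is assumed to be the default install location, and the function names and sample response body are constructed for illustration.

```python
import re
import urllib.error
import urllib.request

# File names are from the page; the plugin directory is the default install path (assumption).
PLUGIN_DIR = "/wp-content/plugins/wp-super-cache/"
FILES = ("ossdl-cdn.php", "rest/load.php")

TAGS = re.compile(r"<[^>]+>")  # PHP wraps errors in <b>/<br /> when html_errors is on
ERROR = re.compile(r"\b(?:Fatal error|Parse error|Warning|Notice|Deprecated):\s")
# Matches "in /abs/path/file.php:12" or "in C:\path\file.php on line 12"
PATH = re.compile(r"\bin ((?:/|[A-Za-z]:\\)[^\s:]+\.php)(?::\d+| on line \d+)")

# Constructed sample of a response body, not captured from a real site.
SAMPLE_BODY = (
    "<br />\n<b>Fatal error</b>:  Uncaught Error: Call to undefined function "
    "add_action() in /var/www/html/wp-content/plugins/wp-super-cache/ossdl-cdn.php:12\n"
    "Stack trace:\n#0 {main}\n  thrown in <b>/var/www/html/wp-content/plugins/"
    "wp-super-cache/ossdl-cdn.php</b> on line <b>12</b><br />"
)

def disclosed_paths(body):
    """Return the absolute server paths leaked by PHP error text in a response body."""
    text = TAGS.sub("", body)
    if not ERROR.search(text):
        return []  # no PHP error banner, so path-like strings are not treated as leaks
    return sorted(set(PATH.findall(text)))

def check_site(base_url, timeout=10):
    """Request both files on a site you administer; map file name -> leaked paths."""
    findings = {}
    for name in FILES:
        url = base_url.rstrip("/") + PLUGIN_DIR + name
        try:
            with urllib.request.urlopen(url, timeout=timeout) as resp:
                body = resp.read().decode("utf-8", "replace")
        except urllib.error.HTTPError as err:
            body = err.read().decode("utf-8", "replace")  # a PHP fatal may come back as 500
        except OSError:
            continue  # unreachable host or timeout: nothing to report for this file
        paths = disclosed_paths(body)
        if paths:
            findings[name] = paths
    return findings

if __name__ == "__main__":
    print(disclosed_paths(SAMPLE_BODY))
```

An empty result from `check_site` means neither file returned PHP error text containing a path at the time of the request.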
If exploited, this vulnerability could give malicious actors unauthorized insight into the site's architecture and server configuration. Information Disclosure might not be severely damaging in isolation, but it can serve as a foundation for more sophisticated attacks. For instance, exposed file paths can aid further reconnaissance or facilitate subsequent attacks that exploit known flaws in those systems. Depending on the information revealed, attackers might attempt privilege escalation, file manipulation, or even remote code execution, assuming they locate other exploitable vectors.