Protecting WordPress Websites from Critical SQL Injection Vulnerability in WP Fastest Cache Plugin
At SiteGround, we always take proactive measures to identify and address potential vulnerabilities promptly. This was the case with the latest critical vulnerability for WordPress sites using the popular WP Fastest Cache plugin. By upgrading the vulnerable WP Fastest Cache plugin to version 1.2.2, we remedied a critical SQL injection vulnerability within an hour of it being reported.
Understanding the Vulnerability
The WP Fastest Cache plugin is widely used to enhance website performance by generating static HTML files. However, versions prior to 1.2.2 of this plugin were found to have a severe SQL injection vulnerability, reported last week. This vulnerability allowed unauthenticated attackers to inject additional SQL queries into existing queries, potentially compromising the security of the website’s database.
This security flaw scored 9.8 out of 10, indicating its critical nature. As a result, it was crucial for us to take immediate action to protect our clients’ websites.
Upgrading the Plugin for Enhanced Security
To safeguard our clients’ websites, we proactively upgraded the WP Fastest Cache plugin on their behalf. Our dedicated team upgraded over 98% of the plugin users on our servers to version 1.2.2. The mass upgrade was completed within an hour, effectively eliminating the critical SQL injection risk.
However, a very small portion of WordPress websites did not receive the plugin upgrade despite multiple attempts. If you are using the WP Fastest Cache plugin, please check your current version from the WordPress dashboard of your website. We strongly advise you to take action immediately and either manually upgrade the plugin to version 1.2.2 or remove it from your website altogether. With this upgrade, we ensure that your websites are protected against potential exploits and unauthorized access to sensitive information.
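If you manage several WordPress installs, the version check above can be scripted. The following is an added example, not SiteGround's or the plugin author's code: it walks a directory of sites, reads the plugin's `Version:` header, and flags anything below 1.2.2. The plugin directory name `wp-fastest-cache` and the sample tree are assumptions made for the illustration.

```python
import re
import tempfile
from pathlib import Path

FIXED = (1, 2, 2)                # first fixed release, per the article
PLUGIN_DIR = "wp-fastest-cache"  # assumed plugin directory name (not given in the article)
VERSION_HEADER = re.compile(r"^[ \t/*#@]*Version:\s*(\S+)", re.I | re.M)

def parse_version(text):
    """'1.2.1' -> (1, 2, 1); stops at the first non-numeric component."""
    parts = []
    for piece in text.split("."):
        if not piece.isdigit():
            break
        parts.append(int(piece))
    return tuple(parts)

def plugin_version(plugin_path):
    """Version header of the plugin's main file, found by its 'Plugin Name:' header."""
    for php in sorted(plugin_path.glob("*.php")):
        head = php.read_text(errors="replace")[:8192]  # WordPress reads headers from the first 8 KB
        match = VERSION_HEADER.search(head)
        if match and "Plugin Name:" in head:
            return match.group(1)
    return None

def audit(root):
    """Map each site under root to (version string, 'vulnerable'|'patched'|'unknown')."""
    root, results = Path(root), {}
    for plugin in sorted(root.glob(f"**/wp-content/plugins/{PLUGIN_DIR}")):
        raw = plugin_version(plugin)
        parsed = parse_version(raw) if raw else ()
        status = "unknown" if not parsed else "vulnerable" if parsed < FIXED else "patched"
        results[str(plugin.parents[2].relative_to(root))] = (raw, status)
    return results

def build_sample_tree(root):
    """Constructed sample data: three sites with different plugin states."""
    for site, version in {"site-a": "1.2.1", "site-b": "1.2.2", "site-c": None}.items():
        plugin = Path(root) / site / "wp-content" / "plugins" / PLUGIN_DIR
        plugin.mkdir(parents=True)
        header = "<?php\n/*\nPlugin Name: WP Fastest Cache\n"
        header += f"Version: {version}\n" if version else ""
        (plugin / "main.php").write_text(header + "*/\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for site, (version, status) in audit(tmp).items():
            print(f"{site}: {version or 'no version header'} -> {status}")
```

A site reported as `unknown` has the plugin directory but no readable version header, so it should be checked by hand rather than assumed patched.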
If you’re looking for a reliable alternative to the WP Fastest Cache plugin, we recommend trying the SiteGround WordPress Optimizer plugin. It’s trusted by over 1,000,000 WordPress webmasters, and is ranked among the best WordPress performance plugins by the WordPress community. It’s pre-installed by default for all SiteGround clients, and completely free and available to download on any other hosting provider, if you have WordPress websites hosted elsewhere.
Our Commitment to Website Security
At SiteGround, we continuously monitor the security landscape for potential vulnerabilities. We prioritize addressing critical security issues, even when they originate in third-party plugins, like the SQL injection vulnerability in the WP Fastest Cache plugin. Our proactive approach in upgrading the plugin for our clients demonstrates our commitment to providing a secure hosting environment.
If you have any questions or concerns about the security of your website, our dedicated support team is available to assist you. We are here to ensure that your WordPress website remains safe and protected.
Comments (8)
khan zain
SiteGround! Your swift response to the critical SQL injection vulnerability in the WP Fastest Cache plugin reflects your commitment to proactive security measures. The timely upgrade for clients showcases dedication to ensuring a secure hosting environment.
Ivan Naidenov Siteground Team
Thank you for sharing your thoughts, Khan, it really means a lot to us! You're absolutely right - we're fully committed to offering secured hosting to our clients, it is essential for us. For even more examples - take a look at the Security tab in our blog: https://eu.siteground.com/blog/category/security/ . Cheers!
aedien
Hey, I want the best service for hosting.
Ivan Naidenov Siteground Team
Hello Aedien! Let's chat about your project and how we can offer the right solutions for your needs. Here is a direct link you can use, select New Customer: https://stgrnd.co/chat/ .
Generosus
When is SiteGround going to issue a blog announcing the implementation of SQL 8.X? WordPress 6.5 was released yesterday (April 2, 2024) and now we're getting a WP Site Health warning stating our database is not compliant with SQL 8.X. SQL 8.X has been available since April 19, 2018 and WordPress has supported SQL 8.X since December 6, 2018. Details: https://make.wordpress.org/hosting/handbook/compatibility/ A blog offering SiteGround's status on implementing SQL 8.X is of utmost importance. As you know, SQL 8.X introduces numerous security upgrades over SQL 5.7. Thank you!
Lina Asenova Siteground Team
Hey there, thank you for your question. We are currently getting ready for a full rollout of MySQL 8. Our goal is to complete the migration of all users to MySQL 8 by the end of June. Additionally, starting later this week, all new servers will come equipped with MySQL 8. As soon as the process starts, we will publish a detailed blog post and inform you via email. Regarding your security concerns, we want to assure you that our current MySQL 5.7 setup adheres to strict security policies, and we constantly monitor our systems to ensure the security of our clients' accounts. Thank you once again for reaching out. We value your patience and understanding as we progress with this update.
Generosus
Thank you, Lina!
Nasibul Alam
I completely agree—SiteGround is rock solid when it comes to web security. I always recommend SiteGround to my clients who need to recover hacked websites and malware removal services. Its separate installations are more secure than regular shared hosting. Thank you.