The popular WordPress plugin WP Super Cache has a critical vulnerability in versions 1.4.3 and lower: a persistent cross-site scripting (XSS) flaw. With a carefully crafted query, an attacker could insert malicious scripts into the plugin’s cached file listing page. When executed, the injected scripts could be used to perform further actions, such as adding a new administrator account to the site or injecting backdoors through the WordPress theme editing tools.

All WordPress users who utilize the plugin should immediately update WP Super Cache to version 1.4.4.
