WP Super Cache 1.4.9 Patches Multiple XSS Vulnerabilities
WP Super Cache is a nearly 10-year-old plugin that is maintained by Donncha Ó Caoimh and is actively installed on more than a million sites. Releases have been far and few between, but Ó Caoimh has released WP Super Cache 1.4.9 that patches cross-site-scripting vulnerabilities on the settings page. “Those pages are only accessible by admin users so an anonymous visitor to your site can’t come along and enable it to steal your login cookies but along with those fixes come many bug fixes so it’s worth upgrading if you’re using an old version,” Ó Caoimh said.
In addition to patching security vulnerabilities, this release also contains a number of bug fixes. There’s also a fix in this version for those who host a lot of sites that use WP Super Cache and are running into issues with semaphores due to the possibility of users using file locking.
If you’re running into this issue and need to disable file locking completely, Ó Caoimh suggests setting the WPSC_DISABLE_LOCKING constant in a global config file. “The file locking simply slowed down how fast cache files were created and is a hold-over from WP Cache when
Source: https://managewp.org/articles/14367/wp-super-cache-1-4-9-patches-multiple-xss-vulnerabilities
source https://williechiu40.wordpress.com/2017/02/10/wp-super-cache-1-4-9-patches-multiple-xss-vulnerabilities/