

As many as 1M sites imperiled by dangerous bug in WordPress plugin - smacktoward
http://arstechnica.com/security/2015/04/as-many-as-1-million-sites-imperiled-by-dangerous-bug-in-wordpress-plugin/

======
pdevr
tl;dr (excerpts from Sucuri's blog post):

"The issue lies in the way WP-Super-Cache would display information stored in
cache file’s key..."

"....the $details[ ‘key’ ] is directly appended to the page’s content, without
being sanitized first..."

