CVE-2023-6063

2023-12-0422:15:08

CWE-89

[email protected]

web.nvd.nist.gov

cve-2023-6063

wp fastest cache

wordpress plugin

sql injection

security vulnerability

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.9 High

AI Score

Confidence

High

0.03 Low

EPSS

Percentile

91.0%

JSON

The WP Fastest Cache WordPress plugin before 1.2.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users.

Affected configurations

Vulners

NVD

Node

wpfastestcachewp_fastest_cacheRange<1.2.2

VendorProductVersionCPE
wpfastestcachewp_fastest_cache*cpe:2.3:a:wpfastestcache:wp_fastest_cache:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
wpfastestcache	wp_fastest_cache	*	cpe:2.3:a:wpfastestcache:wp_fastest_cache::::::::

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "WP Fastest Cache",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThan": "1.2.2"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]