Metric | Value |
---|---|
CVSS3 | 4.3 Medium |
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | LOW |
Availability Impact | NONE |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
AI Score | 4.7 Medium |
Confidence | High |
EPSS | 0.001 Low |
Percentile | 46.0% |

The WordPress Fastest Cache Plugin installed on the remote host suffers from multiple vulnerabilities:

- A nonce validation issue on the wpfc_preload_single_callback function leading to a Cross-Site Request Forgery (CSRF) vulnerability permitting attackers to invoke a cache building action (CVE-2023-1918)
- A nonce validation issue on the wpfc_preload_single_callback function leading to a Cross-Site Request Forgery (CSRF) vulnerability permitting attackers to change cache-related settings (CVE-2023-1919)
- A nonce validation issue on the wpfc_purgecache_varnish_callback function leading to a Cross-Site Request Forgery (CSRF) vulnerability permitting attackers to purge the Varnish cache via a forged request (CVE-2023-1920)
- A nonce validation issue on the wpfc_start_cdn_integration_ajax_request_callback function leading to a Cross-Site Request Forgery (CSRF) vulnerability permitting attackers to change CDN settings via a forged request (CVE-2023-1921)
- A nonce validation issue on the wpfc_pause_cdn_integration_ajax_request_callback function leading to a Cross-Site Request Forgery (CSRF) vulnerability permitting attackers to change CDN settings via a forged request (CVE-2023-1922)
- A nonce validation issue on the wpfc_remove_cdn_integration_ajax_request_callback function leading to a Cross-Site Request Forgery (CSRF) vulnerability permitting attackers to change CDN settings via a forged request (CVE-2023-1923)
- A nonce validation issue on the wpfc_toolbar_save_settings_callback function leading to a Cross-Site Request Forgery (CSRF) vulnerability permitting attackers to change cache-related settings (CVE-2023-1924)
- A nonce validation issue on the wpfc_clear_cache_of_allsites_callback function leading to a Cross-Site Request Forgery (CSRF) vulnerability permitting attackers to clear caches (CVE-2023-1925)
- A nonce validation issue on the deleteCacheToolbar function leading to a Cross-Site Request Forgery (CSRF) vulnerability permitting attackers to delete caches (CVE-2023-1926)
- A nonce validation issue on the deleteCssAndJsCacheToolbar function leading to a Cross-Site Request Forgery (CSRF) vulnerability permitting attackers to delete caches (CVE-2023-1927)
- A missing capability check vulnerability on the wpfc_preload_single_callback function permitting attackers with subscriber-level access to initiate cache creation (CVE-2023-1928)
- A missing capability check vulnerability on the wpfc_purgecache_varnish_callback function permitting attackers with subscriber-level access to initiate cache creation (CVE-2023-1929)
- A missing capability check vulnerability on the wpfc_clear_cache_of_allsites_callback function permitting attackers with subscriber-level access to initiate cache creation (CVE-2023-1930)
- A missing capability check vulnerability on the deleteCssAndJsCacheToolbar function permitting attackers with subscriber-level access to initiate cache creation (CVE-2023-1931)

Note that the scanner has not tested for these issues but has instead relied only on the application’s self-reported version number.
Vendor | Product | Version | CPE |
---|---|---|---|
wpfastestcache | wp_fastest_cache | * | cpe:2.3:a:wpfastestcache:wp_fastest_cache:*:*:*:*:*:wordpress:*:* |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1918
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1919
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1920
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1921
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1922
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1923
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1924
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1925
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1926
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1927
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1928
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1929
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1930
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1931
wordpress.com/plugins/wp-fastest-cache