Lucene search

[email protected]NVD:CVE-2023-6598

HistoryJan 11, 2024 - 9:15 a.m.

CVE-2023-6598

2024-01-1109:15:49

CWE-862

[email protected]

web.nvd.nist.gov

speedycache

wordpress plugin

data modification

authentication

vulnerability

capability check

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

AI Score

4.3

Confidence

High

EPSS

Percentile

14.0%

JSON

The SpeedyCache plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the speedycache_save_varniship, speedycache_img_update_settings, speedycache_preloading_add_settings, and speedycache_preloading_delete_resource functions in all versions up to, and including, 1.1.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to update plugin options.

Affected configurations

Nvd

Node

softaculousspeedycacheRange≤1.1.3wordpress

VendorProductVersionCPE
softaculousspeedycache*cpe:2.3:a:softaculous:speedycache:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
softaculous	speedycache	*	cpe:2.3:a:softaculous:speedycache::::::wordpress::*

References

plugins.trac.wordpress.org/changeset/3010577/speedycache

www.wordfence.com/threat-intel/vulnerabilities/id/db8cfdba-f3b2-45dc-9be7-6f6374fd5f39?source=cve

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

AI Score

4.3

Confidence

High

EPSS

Percentile

14.0%

JSON

Related for NVD:CVE-2023-6598

cve1 cvelist1 prion1 wpvulndb1 wordfence1