224 matches found
EUVD-2023-24108
Malicious code in bioql PyPI...
EUVD-2023-24115
Malicious code in bioql PyPI...
EUVD-2023-24106
Malicious code in bioql PyPI...
EUVD-2023-24118
Malicious code in bioql PyPI...
EUVD-2023-24116
Malicious code in bioql PyPI...
EUVD-2021-8129
Malicious code in bioql PyPI...
CVE-2023-1929
The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the wpfcpurgecachevarnishcallback function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber-level access to pur...
CVE-2023-1928
The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the wpfcpreloadsinglecallback function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber-level access to initiat...
CVE-2023-1923
The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfcremovecdnintegrationajaxrequestcallback function. This makes it possible for unauthenticated attackers to...
CVE-2023-1931
The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the deleteCssAndJsCacheToolbar function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber-level access to perform cache...
CVE-2023-1922
The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfcpausecdnintegrationajaxrequestcallback function. This makes it possible for unauthenticated attackers to...
CVE-2023-1926
The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the deleteCacheToolbar function. This makes it possible for unauthenticated attackers to perform cache deletion vi...
CVE-2023-1930
The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data deletion due to a missing capability check on the wpfcclearcacheofallsitescallback function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber-level access to dele...
CVE-2021-24870
The WP Fastest Cache WordPress plugin before 0.9.5 is lacking a CSRF check in its wpfcsavecdnintegration AJAX action, and does not sanitise and escape some the options available via the action, which could allow attackers to make logged in high privilege users call it and set a Cross-Site Scripti...
CVE-2021-24869
The WP Fastest Cache WordPress plugin before 0.9.5 does not escape user input in the seturlswithterms method before using it in a SQL statement, leading to an SQL injection exploitable by low privilege users such as subscriber...
CVE-2021-20714
Directory traversal vulnerability in WP Fastest Cache versions prior to 0.9.1.7 allows a remote attacker with administrator privileges to delete arbitrary files on the server via unspecified vectors...
CVE-2019-13635
The WP Fastest Cache plugin through 0.8.9.5 for WordPress allows wpFastestCache.php and inc/cache.php Directory Traversal...
CVE-2019-6726
The WP Fastest Cache plugin through 0.8.9.0 for WordPress allows remote attackers to delete arbitrary files because wppostratingsclearfastestcache and rmfolderrecursively in wpFastestCache.php mishandle ../ in an HTTP Referer header...
CVE-2015-9316
The wp-fastest-cache plugin before 0.8.4.9 for WordPress has SQL injection in wp-admin/admin-ajax.php?action=wpfcwppollsajaxrequest via the pollid parameter...
Exploit for SQL Injection in Wpfastestcache Wp_Fastest_Cache
PoC for CVE-2023-6063: WP Fastest Cache 1.2.2 Unauthenticated...