Exploit for SQL Injection in Wpfastestcache Wp_Fastest_Cache

PoC for CVE-2023-6063: WP Fastest Cache 1.2.2 Unauthenticated...

CVE-2020-36836

The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized arbitrary file deletion in versions up to, and including, 0.9.0.2 due to a lack of capability checking and insufficient path validation. This makes it possible for authenticated users with minimal permissions to delete...

CVE-2024-4347

The WP Fastest Cache plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.2.6 via the specificDeleteCache function. This makes it possible for authenticated attackers to delete arbitrary files on the server, which can include wp-config.php files of the...

CVE-2020-36836

The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized arbitrary file deletion in versions up to, and including, 0.9.0.2 due to a lack of capability checking and insufficient path validation. This makes it possible for authenticated users with minimal permissions to delete...

EUVD-2020-30788

The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized arbitrary file deletion in versions up to, and including, 0.9.0.2 due to a lack of capability checking and insufficient path validation. This makes it possible for authenticated users with minimal permissions to delete...

CVE-2020-36836

The CVE-2020-36836 entry impacts the WordPress WP Fastest Cache plugin. Affected plugin versions are

WordPress plugin WP Fastest Cache 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A cross-site reques...

WordPress WP Fastest Cache Unauthenticated SQLi (CVE-2023-6063)

WP Fastest Cache, a WordPress plugin, prior to version 1.2.2, is vulnerable to an unauthenticated SQL injection vulnerability via the 'wordpressloggedin' cookie. This can be exploited via a blind SQL injection attack without requiring any authentication. Module Options msf use...

PT-2024-10846

Name of the Vulnerable Software and Affected Versions: WP Fastest Cache versions prior to 0.9.0.3 Description: The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized arbitrary file deletion due to a lack of capability checking and insufficient path validation. This allows...

WordPress WP Fastest Cache plugin <= 1.2.6 - Authenticated (Administrator+) Arbitrary File Deletion vulnerability

Authenticated Administrator+ Arbitrary File Deletion vulnerability discovered by shaman0x01 in WordPress Plugin WP Fastest Cache versions = 1.2.6...

CVE-2024-4347

The CVE-2024-4347 entry concerns the WordPress WP Fastest Cache plugin (≤ 1.2.6) vulnerable to Directory Traversal via the specificDeleteCache function. Several connected sources confirm that an authenticated administrator can delete arbitrary files on the server (e.g., wp-config.php) in a shared...

WordPress WP Fastest Cache Plugin <= 1.2.6 is vulnerable to Arbitrary File Deletion

Software WP Fastest Cache Type Plugin Vulnerable versions = 1.2.6 Fixed in 1.2.7 OWASP Top 10 A3: Injection Classification Arbitrary File Deletion CVE CVE-2024-4347 Patch priority Low CVSS severity Low 7.2 Developer Claim ownership PSID 99db9c14b0de Credits Khayal Farzaliyev shaman0x01 Required...

WordPress WP Fastest Cache 1.2.2 SQL Injection

Exploit Title: Unauthenticated SQL Injection in WP Fastest Cache 1.2.2 Date: 14.11.2023 Exploit Author: Meryem Taşkın Vendor Homepage: https://www.wpfastestcache.com/ Software Link: https://wordpress.org/plugins/wp-fastest-cache/ Version: WP Fastest Cache 1.2.2 Tested on: WP Fastest Cache 1.2.2...

WordPress WP Fastest Cache 1.2.2 SQL Injection Vulnerability

WordPress WP Fastest Cache plugin version 1.2.2 suffers from an unauthenticated remote SQL injection vulnerability. Exploit Title: Unauthenticated SQL Injection in WP Fastest Cache 1.2.2 Exploit Author: Meryem Taşkın Vendor Homepage: https://www.wpfastestcache.com/ Software Link:...

Sql injection

The WP Fastest Cache WordPress plugin before 0.9.5 does not escape user input in the seturlswithterms method before using it in a SQL statement, leading to an SQL injection exploitable by low privilege users such as subscriber...

CVE-2021-24870 WP Fastest Cache < 0.9.5 - CSRF to Stored Cross-Site Scripting

The WP Fastest Cache WordPress plugin before 0.9.5 is lacking a CSRF check in its wpfcsavecdnintegration AJAX action, and does not sanitise and escape some the options available via the action, which could allow attackers to make logged in high privilege users call it and set a Cross-Site Scripti...

CVE-2021-24869 WP Fastest Cache < 0.9.5 - Subscriber+ SQL Injection

The WP Fastest Cache WordPress plugin before 0.9.5 does not escape user input in the seturlswithterms method before using it in a SQL statement, leading to an SQL injection exploitable by low privilege users such as subscriber...

CVE-2021-24869

CVE-2021-24869 affects the WP Fastest Cache WordPress plugin (versions prior to 0.9.5). The root cause is that user input in the set_urls_with_terms method is not escaped before being used in a SQL statement, enabling an SQL injection. The vulnerability can be exploited by low-privilege users (e....

WordPress plugin WP Fastest Cache security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in the...

WordPress plugin WP Fastest Cache security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability in the...