103 matches found
CVE-2024-13337
The Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3.2. This is due to missing or incorrect nonce validation on the 'setup-wbcrclearfy' page. This makes it possibl...
WordPress plugin Clearfy Cache Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...
CVE-2024-12314
The Rapid Cache plugin for WordPress is vulnerable to Cache Poisoning in all versions up to, and including, 1.2.3. This is due to plugin storing HTTP headers in the cached data. This makes it possible for unauthenticated attackers to poison the cache with custom HTTP headers that may be unsanitiz...
CVE-2024-12314
CVE-2024-12314 affects the Rapid Cache WordPress plugin (versions up to and including 1.2.3). The issue is HTTP header data stored in the cache, enabling cache poisoning that may lead to Cross-Site Scripting. The CVSS v3.1 base score is 7.2 (HIGH) with network impact and no user interaction. Curr...
CVE-2024-12314 Rapid Cache <= 1.2.3 - Unauthenticated Cache Poisoning
The Rapid Cache plugin for WordPress is vulnerable to Cache Poisoning in all versions up to, and including, 1.2.3. This is due to plugin storing HTTP headers in the cached data. This makes it possible for unauthenticated attackers to poison the cache with custom HTTP headers that may be unsanitiz...
CVE-2024-12628
The bodi0s Easy cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cache-folder' parameter in all versions up to, and including, 0.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-lev...
CVE-2024-12628
CVE-2024-12628 (bodi0’s Easy Cache, WordPress) Stored Cross-Site Scripting vulnerability in the cache storing path parameter (cache-folder) affects all versions up to 0.8. Exploitation requires authenticated admin+ privileges and is limited to multi-site deployments and sites where unfiltered_htm...
GHSA-8QV4-773J-C979 JetBrains Ktor information disclosure
Improper caching in JetBrains Ktor before 3.0.0 in the HttpCache Plugin could lead to response information disclosure...
openSUSE 15 Security Update : coredns (openSUSE-SU-2024:0319-1)
The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2024:0319-1 advisory. Update to version 1.11.3: optimize the performance for high qps (#6767); bump deps; Fix zone parser error handling (#6680); Add alternate option to forwar...
WordPress LiteSpeed Cache Plugin <= 6.4.1 is vulnerable to Cross Site Scripting (XSS)
Software: LiteSpeed Cache; Type: Plugin; Vulnerable versions: <= 6.4.1; Fixed in: 6.5; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-9169; Patch priority: Low; CVSS severity: Low (5.9); Developer: Hai Zheng / Lite Speed Cache; PSID: 86505b2e63f8; Credits: WordFence...
CVE-2024-3246
CVE-2024-3246 affects LiteSpeed Cache for WordPress (versions
Exploit for Cross-site Scripting in Litespeedtech Litespeed_Cache
CVE-2023-40000 LiteSpeed Cache plugin for WordPress that could...
CVE-2021-24869
The WP Fastest Cache WordPress plugin before 0.9.5 does not escape user input in the seturlswithterms method before using it in a SQL statement, leading to an SQL injection exploitable by low privilege users such as subscriber...
CVE-2023-34177
Cross-Site Request Forgery (CSRF) vulnerability in Kenth Hagström WP-Cache.Com plugin = 1.1.1 versions...
PT-2023-24715 · WordPress · Wp-Cache.Com
Name of the Vulnerable Software and Affected Versions: Kenth Hagström WP-Cache.Com plugin versions prior to 1.1.1. Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions ...
WP Fastest Cache Plugin for WordPress < 1.1.3 Multiple Vulnerabilities
The WordPress Fastest Cache Plugin installed on the remote host suffers from multiple vulnerabilities: - A nonce validation issue on the wpfcpreloadsinglecallback function leading to a Cross-Site Request Forgery (CSRF) vulnerability permitting attackers to invoke a cache building action CVE-2023-19...
CVE-2023-1938
The WP Fastest Cache WordPress plugin before 1.1.5 does not have CSRF check in an AJAX action, and does not validate user input before using it in the wp_remote_get function, leading to a Blind SSRF issue...
CVE-2023-1930
The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data deletion due to a missing capability check on the wpfcclearcacheofallsitescallback function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber-level access to dele...
CVE-2023-1927
The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the deleteCssAndJsCacheToolbar function. This makes it possible for unauthenticated attackers to perform cache...
Cross site request forgery (csrf)
The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the deleteCssAndJsCacheToolbar function. This makes it possible for unauthenticated attackers to perform cache...