29 matches found
CVE-2023-6063
CVE-2023-6063 affects WP Fastest Cache WordPress plugin versions ≤ 1.2.2. The vulnerability is an unauthenticated SQL injection caused by improper sanitization/escaping of parameters in SQL statements, exploitable via the wordpress_logged_in cookie. Impact reported in sources includes potential e...
CVE-2023-1938
CVE-2023-1938 affects the WordPress plugin WP Fastest Cache up to version 1.1.5. The flaw allows Blind SSRF via an AJAX action because there is no CSRF check and user input is not validated before use in wp_remote_get(). Exploitation details are not provided in the initial documents; the CVSS bas...
CVE-2019-13635
The CVE-2019-13635 entry concerns the WordPress plugin WP Fastest Cache, affected through version 0.8.9.5. The vulnerability is a directory traversal in the files wpFastestCache.php and inc/cache.php, enabling access to files outside the intended directory. Connected sources corroborate the affected ...
CVE-2019-6726
Summary: CVE-2019-6726 affects the WordPress plugin WP Fastest Cache ≤ 0.8.9.0. The vulnerability allows an unauthenticated, remote attacker to delete arbitrary files by abusing the HTTP Referer header in the functions wp_postratings_clear_fastest_cache and rm_folder_recursively in wpFastestCache...
CVE-2021-20714
CVE-2021-20714 affects the WordPress WP Fastest Cache plugin prior to version 0.9.1.7. The vulnerability is a directory traversal flaw that allows a remote attacker with administrator privileges to delete arbitrary files on the server via unspecified vectors. Root cause is a path traversal issue ...
CVE-2020-36836
The CVE-2020-36836 entry impacts the WordPress WP Fastest Cache plugin. Affected plugin versions are
CVE-2015-9316
The CVE applies to the WordPress WP Fastest Cache plugin before 0.8.4.9. Vulnerable component: wp-admin/admin-ajax.php?action=wpfc_wppolls_ajax_request, where the poll_id parameter is unsafely used in a SQL query, enabling SQL injection. Root cause: improper sanitization/escaping in the AJAX hand...
CVE-2023-1928
The CVE-2023-1928 entry concerns the WordPress WP Fastest Cache plugin (versions up to 1.1.2). The vulnerability is a missing capability check in the wpfc_preload_single_callback function, enabling authenticated users with subscriber-level access to initiate cache creation (unauthorized data modi...
CVE-2018-17584
CVE-2018-17584 affects the WordPress plugin WP Fastest Cache 0.8.8.5, with a CSRF vulnerability on the wp-admin/admin.php wpfastestcacheoptions page. The entry is supported by NVD/WPVulndb references and related OpenVAS data, and has a CVSSv3 base score of 8.8 (HIGH), indicating a network-scoped issue...
CVE-2023-1931
The CVE-2023-1931 entry concerns the WordPress WP Fastest Cache plugin. Affected software: WP Fastest Cache plugin for WordPress (versions up to and including 1.1.2). Root cause: a missing capability check in the deleteCssAndJsCacheToolbar function, enabling authenticated users with subscriber-le...
CVE-2023-1375
CVE-2023-1375 affects the WP Fastest Cache WordPress plugin. A missing capability check in the deleteCacheToolbar function allows authenticated attackers with subscriber-level permissions and above to delete the site cache. Impact is unauthorized cache deletion for versions up to and including 1....
CVE-2023-1923
Affected product: WordPress WP Fastest Cache plugin. Vulnerable component: the wpfc_remove_cdn_integration_ajax_request_callback function. Root cause: missing/incorrect nonce validation leading to Cross-Site Request Forgery. Impact: unauthenticated attackers can change CDN settings via forged req...
CVE-2023-1926
The CVE-2023-1926 issue affects the WordPress plugin WP Fastest Cache (versions up to 1.1.2). Root cause: missing or incorrect nonce validation in the function deleteCacheToolbar allows unauthenticated attackers to trigger cache deletion via forged requests if a site admin is lured into clicking ...
CVE-2023-1929
The CVE-2023-1929 entry concerns the WordPress WP Fastest Cache plugin, affected through versions up to 1.1.2. The root cause is a missing capability check in the wpfc_purgecache_varnish_callback function, enabling authenticated subscribers to purge the Varnish cache. This leads to unauthorized d...
CVE-2021-24869
CVE-2021-24869 affects the WP Fastest Cache WordPress plugin (versions prior to 0.9.5). The root cause is that user input in the set_urls_with_terms method is not escaped before being used in a SQL statement, enabling an SQL injection. The vulnerability can be exploited by low-privilege users (e....
CVE-2018-17585
Summary: The WP Fastest Cache WordPress plugin (versions up to 0.8.8.5; advisory texts also reference 0.8.8.6) contains a cross-site scripting (XSS) vulnerability exposed via the parameters wpFastestCachePreload_number and wpFastestCacheLanguage. The issue is confirmed across multiple sources in...
CVE-2023-1918
The CVE-2023-1918 issue affects the WordPress WP Fastest Cache plugin up to version 1.1.2, caused by missing or incorrect nonce validation in the wpfc_preload_single_callback function. Consequence per the sources: unauthenticated attackers can induce a cache-building action via forged requests, t...
CVE-2023-1921
CVE-2023-1921 (WP Fastest Cache CSRF, WordPress): The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to 1.1.2 due to missing or incorrect nonce validation in the wpfc_start_cdn_integration_ajax_request_callback function. The vulnerability could all...
CVE-2023-1924
CVE-2023-1924 affects the WordPress WP Fastest Cache plugin up to version 1.1.2. The root cause is missing or incorrect nonce validation in the wpfc_toolbar_save_settings_callback function, enabling CSRF where unauthenticated attackers can forge requests to change cache settings if a site adminis...
CVE-2023-1930
The CVE-2023-1930 entry concerns the WP Fastest Cache WordPress plugin. The vulnerability arises from a missing capability check in the wpfc_clear_cache_of_allsites_callback function, affecting versions up to and including 1.1.2. This weakens access control: authenticated attackers with subscribe...
CVE-2023-1919
CVE-2023-1919 concerns the WordPress plugin WP Fastest Cache. A CSRF flaw stems from missing/incorrect nonce validation in the function wpfc_preload_single_save_settings_callback, allowing unauthenticated attackers to alter cache-related settings via forged requests if a site admin is tricked i...
CVE-2023-1927
Affected software: WP Fastest Cache plugin for WordPress (versions up to and including 1.1.2). Vulnerability type & root cause: Cross-Site Request Forgery (CSRF) due to missing/incorrect nonce validation in the deleteCssAndJsCacheToolbar function. Impact: Unauthenticated attackers can delete cach...
CVE-2023-1922
The CVE-2023-1922 entry describes a CSRF flaw in WP Fastest Cache for WordPress up to version 1.1.2, caused by missing or incorrect nonce validation in the wpfc_pause_cdn_integration_ajax_request_callback function. This allows unauthenticated attackers to change CDN settings via a forged request ...
CVE-2018-17586
CVE-2018-17586 affects the WordPress plugin WP Fastest Cache (version 0.8.8.5 and earlier). The issue is an XSS vulnerability via the rules[0][content] parameter in the wpfc_save_timeout_pages action. Connected sources also indicate additional vulnerabilities in the same plugin family and suggest...
CVE-2015-4089
The CVE-2015-4089 entries describe multiple CSRF vulnerabilities in the WordPress WP Fastest Cache plugin, specifically in the optionsPageRequest function of admin.php prior to version 0.8.3.5. An attacker can exploit the wpFastestCachePage parameter to invoke (1) saveOption, (2) deleteCache, (3)...
CVE-2018-17583
The CVE-2018-17583 entry concerns the WordPress plugin WP Fastest Cache (version 0.8.8.5). A stored XSS condition exists via the rules[0][content] parameter in a wpfc_save_exclude_pages action. This is the underlying issue described in the CVE as well as corroborated by multiple references (NVD C...
CVE-2023-1920
The CVE-2023-1920 entry refers to the WP Fastest Cache WordPress plugin, which has a CSRF vulnerability due to missing/incorrect nonce validation in the wpfc_purgecache_varnish_callback function. Affected versions are up to and including 1.1.2. The underlying issue allows unauthenticated attackers to purge the va...
CVE-2023-1925
WP Fastest Cache for WordPress up to version 1.1.2 is vulnerable to Cross-Site Request Forgery due to missing nonce validation in the wpfc_clear_cache_of_allsites_callback function. This can allow unauthenticated attackers to clear caches by tricking an administrator into performing an action (e....
CVE-2021-24870
CVE-2021-24870 concerns the WordPress plugin WP Fastest Cache prior to 0.9.5. The vulnerability is a CSRF/checks-and-escaping flaw in the wpfc_save_cdn_integration AJAX action, coupled with insufficient sanitization/escaping of options, which could allow a logged-in, high-privilege user to trigge...