7 matches found
CVE-2023-6063
CVE-2023-6063 affects WP Fastest Cache WordPress plugin versions ≤ 1.2.2. The vulnerability is an unauthenticated SQL injection caused by improper sanitization/escaping of parameters in SQL statements, exploitable via the wordpress_logged_in cookie. Impact reported in sources includes potential e...
CVE-2023-1938
CVE-2023-1938 affects the WordPress plugin WP Fastest Cache up to version 1.1.5. The flaw allows Blind SSRF via an AJAX action because there is no CSRF check and user input is not validated before use in wp_remote_get(). Exploitation details are not provided in the initial documents; the CVSS bas...
CVE-2021-20714
CVE-2021-20714 affects the WordPress WP Fastest Cache plugin prior to version 0.9.1.7. The vulnerability is a directory traversal flaw that allows a remote attacker with administrator privileges to delete arbitrary files on the server via unspecified vectors. Root cause is a path traversal issue ...
CVE-2020-36836
The CVE-2020-36836 entry impacts the WordPress WP Fastest Cache plugin. Affected plugin versions are
CVE-2015-9316
The CVE applies to the WordPress WP Fastest Cache plugin before 0.8.4.9. Vulnerable component: wp-admin/admin-ajax.php?action=wpfc_wppolls_ajax_request, where the poll_id parameter is unsafely used in a SQL query, enabling SQL injection. Root cause: improper sanitization/escaping in the AJAX hand...
CVE-2021-24869
CVE-2021-24869 affects the WP Fastest Cache WordPress plugin (versions prior to 0.9.5). The root cause is that user input in the set_urls_with_terms method is not escaped before being used in a SQL statement, enabling an SQL injection. The vulnerability can be exploited by low-privilege users (e....
CVE-2021-24870
CVE-2021-24870 concerns the WordPress plugin WP Fastest Cache prior to 0.9.5. The vulnerability is a CSRF/checks-and-escaping flaw in the wpfc_save_cdn_integration AJAX action, coupled with insufficient sanitization/escaping of options, which could allow a logged-in, high-privilege user to trigge...