CVE-2023-1925 – WP Fastest Cache <= 1.1.2 - Cross-Site Request Forgery via 'wpfc_clear_cache_of_allsites_callback'
https://notcve.org/view.php?id=CVE-2023-1925
06 Apr 2023 — The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_clear_cache_of_allsites_callback function. This makes it possible for unauthenticated attackers to clear caches via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://plugins.trac.wordpress.org/changeset/2893158/wp-fastest-cache/trunk/wpFastestCache.php?contextall=1 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-1926 – WP Fastest Cache <= 1.1.2 - Cross-Site Request Forgery via 'deleteCacheToolbar'
https://notcve.org/view.php?id=CVE-2023-1926
06 Apr 2023 — The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the deleteCacheToolbar function. This makes it possible for unauthenticated attackers to perform cache deletion via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://plugins.trac.wordpress.org/changeset/2893158/wp-fastest-cache/trunk/wpFastestCache.php?contextall=1 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-1927 – WP Fastest Cache <= 1.1.2 - Cross-Site Request Forgery via 'deleteCssAndJsCacheToolbar'
https://notcve.org/view.php?id=CVE-2023-1927
06 Apr 2023 — The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the deleteCssAndJsCacheToolbar function. This makes it possible for unauthenticated attackers to perform cache deletion via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://plugins.trac.wordpress.org/changeset/2893158/wp-fastest-cache/trunk/wpFastestCache.php?contextall=1 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-1928 – WP Fastest Cache <= 1.1.2 - Missing Authorization in 'wpfc_preload_single_callback'
https://notcve.org/view.php?id=CVE-2023-1928
06 Apr 2023 — The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the wpfc_preload_single_callback function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber-level access to initiate cache creation. • https://plugins.trac.wordpress.org/changeset/2893158/wp-fastest-cache/trunk/wpFastestCache.php?contextall=1 • CWE-862: Missing Authorization •
CVE-2023-1929 – WP Fastest Cache <= 1.1.2 - Missing Authorization in 'wpfc_purgecache_varnish_callback'
https://notcve.org/view.php?id=CVE-2023-1929
06 Apr 2023 — The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the wpfc_purgecache_varnish_callback function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber-level access to purge the varnish cache. • https://plugins.trac.wordpress.org/changeset/2893158/wp-fastest-cache/trunk/wpFastestCache.php?contextall=1 • CWE-862: Missing Authorization •
CVE-2023-1930 – WP Fastest Cache <= 1.1.2 - Missing Authorization in 'wpfc_clear_cache_of_allsites_callback'
https://notcve.org/view.php?id=CVE-2023-1930
06 Apr 2023 — The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data deletion due to a missing capability check on the wpfc_clear_cache_of_allsites_callback function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber-level access to delete caches. • https://plugins.trac.wordpress.org/changeset/2893158/wp-fastest-cache/trunk/wpFastestCache.php?contextall=1 • CWE-862: Missing Authorization •
CVE-2023-1931 – WP Fastest Cache <= 1.1.2 - Missing Authorization in 'deleteCssAndJsCacheToolbar'
https://notcve.org/view.php?id=CVE-2023-1931
06 Apr 2023 — The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the deleteCssAndJsCacheToolbar function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber-level access to perform cache deletion. • https://plugins.trac.wordpress.org/changeset/2893158/wp-fastest-cache/trunk/wpFastestCache.php?contextall=1 • CWE-862: Missing Authorization •
CVE-2021-24870 – WP Fastest Cache < 0.9.5 - CSRF to Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-24870
14 Oct 2021 — The WP Fastest Cache WordPress plugin before 0.9.5 is lacking a CSRF check in its wpfc_save_cdn_integration AJAX action, and does not sanitise and escape some of the options available via the action, which could allow attackers to make logged-in high-privilege users call it and set a Cross-Site Scripting payload. • https://jetpack.com/2021/10/14/multiple-vulnerabilities-in-wp-fastest-cache-plugin • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2021-24869 – WP Fastest Cache < 0.9.5 - Subscriber+ SQL Injection
https://notcve.org/view.php?id=CVE-2021-24869
14 Oct 2021 — The WP Fastest Cache WordPress plugin before 0.9.5 does not escape user input in the set_urls_with_terms method before using it in a SQL statement, leading to an SQL injection exploitable by low-privilege users such as subscriber. • https://jetpack.com/2021/10/14/multiple-vulnerabilities-in-wp-fastest-cache-plugin • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2021-20714 – WP Fastest Cache <= 0.9.1.6 - Authenticated (Admin+) Directory Traversal to Arbitrary File Deletion
https://notcve.org/view.php?id=CVE-2021-20714
27 Apr 2021 — Directory traversal vulnerability in WP Fastest Cache versions prior to 0.9.1.7 allows a remote attacker with administrator privileges to delete arbitrary files on the server via unspecified vectors. • https://jvn.jp/en/jp/JVN35240327/index.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •