CVE-2015-4089

CWE-352 — Cross-Site Request Forgery (CSRF)3 documents3 sources

Severity

8.8HIGH

EPSS

0.2%

top 60.32%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wpfastestcache WP Fastest Cache

Timeline

PublishedSep 19

Latest updateMay 14

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in the optionsPageRequest function in admin.php in WP Fastest Cache plugin before 0.8.3.5 for WordPress allow remote attackers to hijack the authentication of unspecified victims for requests that call the (1) saveOption, (2) deleteCache, (3) deleteCssAndJsCache, or (4) addCacheTimeout method via the wpFastestCachePage parameter in the WpFastestCacheOptions/ page.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

▶NVDwpfastestcache/wp_fastest_cache0.8.3.4

🔴Vulnerability Details

GHSA

GHSA-fr29-vww3-q54m: Multiple cross-site request forgery (CSRF) vulnerabilities in the optionsPageRequest function in admin↗2022-05-14

▶

CVEList

CVE-2015-4089: Multiple cross-site request forgery (CSRF) vulnerabilities in the optionsPageRequest function in admin↗2017-09-19

▶