CVE-2021-24870

CWE-352Cross-Site Request Forgery (CSRF)CWE-79Cross-site Scripting (XSS)3 documents3 sources
Severity
6.1MEDIUM
EPSS
0.1%
top 71.11%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Unknown WP Fastest CacheWpfastestcache WP Fastest Cache
Timeline
PublishedJan 16

Description

The WP Fastest Cache WordPress plugin before 0.9.5 is lacking a CSRF check in its wpfc_save_cdn_integration AJAX action, and does not sanitise and escape some the options available via the action, which could allow attackers to make logged in high privilege users call it and set a Cross-Site Scripting payload

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

CVEListV5unknown/wp_fastest_cache< 0.9.5

🔴Vulnerability Details

2
GHSA
GHSA-mvrw-4465-r2jc: The WP Fastest Cache WordPress plugin before 02024-01-16
CVEList
WP Fastest Cache < 0.9.5 - CSRF to Stored Cross-Site Scripting2024-01-16
CVE-2021-24870 (MEDIUM CVSS 6.1) | The WP Fastest Cache WordPress plug | cvebase.io