CVE-2023-1375
published 2023-06-09CVE-2023-1375: The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized cache deletion in versions up to, and including, 1.1.2 due to a missing capability…
PriorityP420medium4.3CVSS 3.1
AVNACLPRLUINSUCNILAN
EPSS
0.53%
41.0th percentile
The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized cache deletion in versions up to, and including, 1.1.2 due to a missing capability check in the deleteCacheToolbar function . This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete the site's cache.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| emrevona | wp_fastest_cache_wordpress_cache_plugin | <= 1.1.2 | — |
| wpfastestcache | wp_fastest_cache | <= 1.1.2 | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
WP Fastest Cache Plugin up to 1.1.2 on WordPress deleteCacheToolbar authorization
vuldb·2026-04-09·CVSS 4.3
CVE-2023-1375 [MEDIUM] WP Fastest Cache Plugin up to 1.1.2 on WordPress deleteCacheToolbar authorization
A vulnerability classified as problematic has been found in WP Fastest Cache Plugin up to 1.1.2 on WordPress. Affected is the function deleteCacheToolbar. Performing a manipulation results in missing authorization.
This vulnerability was named CVE-2023-1375. The attack may be initiated remotely. There is no available exploit.
GHSA
GHSA-5qp6-m6g2-73r6: The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized cache deletion in versions up to, and including, 1
ghsa_unreviewed·2023-06-09
CVE-2023-1375 [MEDIUM] CWE-862 GHSA-5qp6-m6g2-73r6: The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized cache deletion in versions up to, and including, 1
The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized cache deletion in versions up to, and including, 1.1.2 due to a missing capability check in the deleteCacheToolbar function . This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete the site's cache.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://plugins.trac.wordpress.org/browser/wp-fastest-cache/trunk/wpFastestCache.php#L866https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2893158%40wp-fastest-cache&new=2893158%40wp-fastest-cache&sfp_email=&sfph_mail=https://www.wordfence.com/threat-intel/vulnerabilities/id/ae643666-70cb-4eb4-a183-e1649264ded4?source=cvehttps://plugins.trac.wordpress.org/browser/wp-fastest-cache/trunk/wpFastestCache.php#L866https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2893158%40wp-fastest-cache&new=2893158%40wp-fastest-cache&sfp_email=&sfph_mail=https://www.wordfence.com/threat-intel/vulnerabilities/id/ae643666-70cb-4eb4-a183-e1649264ded4?source=cve
2023-06-09
Published