CVE-2023-1929

CWE-862Missing AuthorizationCWE-352Cross-Site Request Forgery (CSRF)4 documents4 sources
Severity
4.3MEDIUM
EPSS
0.2%
top 53.90%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Emrevona WP Fastest Cache – Wordpress Cache PluginWpfastestcache WP Fastest Cache
Timeline
PublishedApr 6

Description

The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the wpfc_purgecache_varnish_callback function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber-level access to purge the varnish cache.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

Patches

Patch: plugins.trac.wordpress.orgPatch: plugins.trac.wordpress.org

🔴Vulnerability Details

3
GHSA
GHSA-9r7g-xc2c-7hx6: The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the wpfc_purgecache_var2023-04-06
CVEList
WP Fastest Cache <= 1.1.2 - Missing Authorization in 'wpfc_purgecache_varnish_callback'2023-04-06
VulnCheck
WP Fastest Cache plugin for WordPress Unauthorised Data Modification Vulnerability2023
CVE-2023-1929 (MEDIUM CVSS 4.3) | The WP Fastest Cache plugin for Wor | cvebase.io