CVE-2023-1938

CWE-918 — Server-Side Request Forgery (SSRF)CWE-352 — Cross-Site Request Forgery (CSRF)CWE-416 — Use After Free27 documents4 sources

Severity

8.8HIGH

EPSS

8.2%

top 7.79%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Unknown WP Fastest Cache Wpfastestcache WP Fastest Cache

Timeline

PublishedMay 30

Latest updateAug 8

Description

The WP Fastest Cache WordPress plugin before 1.1.5 does not have CSRF check in an AJAX action, and does not validate user input before using it in the wp_remote_get() function, leading to a Blind SSRF issue

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5unknown/wp_fastest_cache< 1.1.5

▶NVDwpfastestcache/wp_fastest_cache< 1.1.5

🔴Vulnerability Details

CVEList

WP Fatest Cache < 1.1.5 - Blind SSRF via CSRF↗2023-05-30

▶

GHSA

GHSA-8wvj-4mr8-vx3q: The WP Fastest Cache WordPress plugin before 1↗2023-05-30

▶

📋Vendor Advisories

Microsoft

Chromium: CVE-2023-4572 Use after free in MediaStream↗2023-08-08

▶

Microsoft

Microsoft Edge (Chromium-based) Information Disclosure Vulnerability↗2023-08-08

▶

Microsoft

Chromium: CVE-2023-4350 Inappropriate implementation in Fullscreen↗2023-08-08

▶

Microsoft

Chromium: CVE-2023-4353 Heap buffer overflow in ANGLE↗2023-08-08

▶

Microsoft

Chromium: CVE-2023-4366 Use after free in Extensions↗2023-08-08

▶