CVE-2023-6063
published 2023-12-04CVE-2023-6063: The WP Fastest Cache WordPress plugin before 1.2.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL…
PriorityP276high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
EXPLOIT
EPSS
73.71%
99.4th percentile
The WP Fastest Cache WordPress plugin before 1.2.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| wpfastestcache | wp_fastest_cache | < 1.2.2 | 1.2.2 |
Detection & IOCsextracted from sources · hover to see the quote
cookiewordpress_logged_in_1=%22%20AND%20%28SELECT%201%20FROM%20%28SELECT%28SLEEP%285%29%29A%29%20AND%20%221%22%3D%221↗
commandwordpress_logged_in_dsadasdasd=" AND (SELECT 3809 FROM (SELECT(SLEEP(5)))RDVP) AND "HQDg"="HQDg↗
path/wp-content/plugins/wp-fastest-cache/
- →Detect unauthenticated GET requests to WordPress sites with a 'wordpress_logged_in*' cookie containing SQL metacharacters (e.g., double-quote, AND, SELECT, SLEEP) — no authentication is required to trigger the vulnerability. ↗
- →Use the Shodan/FOFA fingerprint path '/wp-content/plugins/wp-fastest-cache/' to identify exposed vulnerable WordPress instances for proactive scanning.
- →The injection point is the username extracted from the cookie value via regex (everything before the first pipe '|' character), which is then interpolated unsanitized into a SQL query — look for cookie values with SQL syntax before the '|' delimiter. ↗
- ·The vulnerability affects all versions of WP Fastest Cache strictly before 1.2.2; version 1.2.2 and later contain the fix. Ensure version checks target '<1.2.2' rather than '<=1.2.2'. ↗
- ·Exploitation is time-based blind SQLi (SLEEP-based), meaning it will not produce obvious error responses — detection must rely on anomalous response-time analysis or cookie content inspection rather than HTTP error codes. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
WP Fastest Cache 1.2.2 - Unauthenticated SQL Injection
exploitdb·2024-02-28·CVSS 7.5
CVE-2023-6063 [HIGH] WP Fastest Cache 1.2.2 - Unauthenticated SQL Injection
WP Fastest Cache 1.2.2 - Unauthenticated SQL Injection
---
# Exploit Title: Unauthenticated SQL Injection in WP Fastest Cache 1.2.2
# Date: 14.11.2023
# Exploit Author: Meryem Taşkın
# Vendor Homepage: https://www.wpfastestcache.com/
# Software Link: https://wordpress.org/plugins/wp-fastest-cache/
# Version: WP Fastest Cache 1.2.2
# Tested on: WP Fastest Cache 1.2.2
# CVE: CVE-2023-6063
## Description
An SQL injection vulnerability exists in version 1.2.2 of the WP Fastest Cache plugin, allowing an attacker to trigger SQL queries on the system without authentication.
## Vuln Code
public function is_user_admin(){
global $wpdb;
foreach ((array)$_COOKIE as $cookie_key => $cookie_value){
if(preg_match("/wordpress_logged_in/i", $cookie_key)){
$username = preg_replace("/^([^\|]+)\|.+/", "$1
Metasploit
WordPress WP Fastest Cache Unauthenticated SQLi (CVE-2023-6063)
metasploit·CVSS 7.5
CVE-2023-6063 [HIGH] WordPress WP Fastest Cache Unauthenticated SQLi (CVE-2023-6063)
WordPress WP Fastest Cache Unauthenticated SQLi (CVE-2023-6063)
WP Fastest Cache, a WordPress plugin, prior to version 1.2.2, is vulnerable to an unauthenticated SQL injection vulnerability via the 'wordpress_logged_in' cookie. This can be exploited via a blind SQL injection attack without requiring any authentication.
Nuclei
WP Fastest Cache 1.2.2 - SQL Injection
nuclei·CVSS 7.5
CVE-2023-6063 [HIGH] WP Fastest Cache 1.2.2 - SQL Injection
WP Fastest Cache 1.2.2 - SQL Injection
The WP Fastest Cache WordPress plugin before 1.2.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users.
Template:
id: CVE-2023-6063
info:
name: WP Fastest Cache 1.2.2 - SQL Injection
author: DhiyaneshDK
severity: high
description: |
The WP Fastest Cache WordPress plugin before 1.2.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users.
impact: |
Unauthenticated attackers can execute SQL injection to extract the complete WordPress database including user credentials and site data.
remediation: Fixed in 1.2.2
reference:
- https://wpscan.com/blog/unauthentica
https://wpscan.com/blog/unauthenticated-sql-injection-vulnerability-addressed-in-wp-fastest-cache-1-2-2/https://wpscan.com/vulnerability/30a74105-8ade-4198-abe2-1c6f2967443ehttps://wpscan.com/blog/unauthenticated-sql-injection-vulnerability-addressed-in-wp-fastest-cache-1-2-2/https://wpscan.com/vulnerability/30a74105-8ade-4198-abe2-1c6f2967443e
2023-12-04
Published