Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2023-6063

CWE-89 — SQL Injection | 7 documents | 7 sources
Severity: 7.5 HIGH
EPSS: 91.9% (top 0.31%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline: Published Dec 4 | Latest update Feb 28

Description

The WP Fastest Cache WordPress plugin before 1.2.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 | Impact: 3.6

Affected Packages (2 packages)

CVEListV5 | unknown/wp_fastest_cache | < 1.2.2

🔴 Vulnerability Details (2)

GHSA | GHSA-r4qv-crh6-rjvj: The WP Fastest Cache WordPress plugin before 1 | 2023-12-05
CVEList | WP Fastest Cache < 1.2.2 - Unauthenticated SQL Injection | 2023-12-04

💥 Exploits & PoCs (3)

Exploit-DB | WP Fastest Cache 1.2.2 - Unauthenticated SQL Injection | 2024-02-28
Metasploit | WordPress WP Fastest Cache Unauthenticated SQLi (CVE-2023-6063)
Nuclei | WP Fastest Cache 1.2.2 - SQL Injection
CVE-2023-6063 (HIGH CVSS 7.5) | The WP Fastest Cache WordPress plug | cvebase.io