cbcvebase.
CVE-2023-6063
published 2023-12-04

CVE-2023-6063: The WP Fastest Cache WordPress plugin before 1.2.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL…

Priority: P2 (76) · Severity: high · CVSS 3.1: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EXPLOIT: public PoC available · EPSS: 73.71% (99.4th percentile)
The WP Fastest Cache WordPress plugin before 1.2.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users.

Affected (1 range)

Vendor           Product            Version range   Fixed in
wpfastestcache   wp_fastest_cache   < 1.2.2         1.2.2

Detection & IOCs (extracted from sources)

cookie    wordpress_logged_in
cookie    wordpress_logged_in_1=%22%20AND%20%28SELECT%201%20FROM%20%28SELECT%28SLEEP%285%29%29A%29%20AND%20%221%22%3D%221
command   wordpress_logged_in_dsadasdasd=" AND (SELECT 3809 FROM (SELECT(SLEEP(5)))RDVP) AND "HQDg"="HQDg
path      /wp-content/plugins/wp-fastest-cache/
  • Detect requests to WordPress sites that carry a cookie whose name contains 'wordpress_logged_in' (the suffix is attacker-chosen) and whose value contains SQL metacharacters or keywords (double quote, AND, SELECT, SLEEP). URL-decode the value before matching: the first PoC above is sent percent-encoded. No valid session is needed, so the request is otherwise unauthenticated.
  • Use the Shodan/FOFA fingerprint path '/wp-content/plugins/wp-fastest-cache/' to identify exposed WordPress instances running the plugin, then confirm the installed version.
  • The injection point is the username the plugin extracts from the cookie value via regex (everything before the first '|' character), which is interpolated unsanitised into a SQL query. Inspect the part of the value before the '|' delimiter; when the value has no '|', as in both PoCs above, the whole value reaches the query.
  • All versions of WP Fastest Cache strictly before 1.2.2 are affected; version 1.2.2 and later contain the fix. Version checks must target '< 1.2.2', not '<= 1.2.2'.
  • Exploitation is time-based blind SQLi (SLEEP-based): it produces no error responses, so detection must rely on anomalous response-time analysis or cookie content inspection rather than HTTP status codes.
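The detection guidance above, as an added example that is not code from this page or from the WP Fastest Cache project: a small Python scanner that parses a raw Cookie header, URL-decodes each value, keeps only cookies whose name contains 'wordpress_logged_in', reproduces the "text before the first '|'" extraction, and flags SQL syntax in that segment, combined with a response-time check for the SLEEP-based blind variant. The exact plugin regexes, the 4-second timing threshold and the sample log records are assumptions constructed for the example.

```python
import re
from urllib.parse import unquote

# Assumption: the plugin matches the cookie *name* by a case-insensitive
# substring search for "wordpress_logged_in", so the suffix is attacker-chosen.
COOKIE_NAME_RE = re.compile(r"wordpress_logged_in", re.IGNORECASE)

# Indicators that never belong in the username segment of a real auth cookie.
SQL_INDICATORS = {
    "double_quote": re.compile(r'"'),
    "single_quote": re.compile(r"'"),
    "and": re.compile(r"\bAND\b", re.IGNORECASE),
    "or": re.compile(r"\bOR\b", re.IGNORECASE),
    "select": re.compile(r"\bSELECT\b", re.IGNORECASE),
    "sleep": re.compile(r"\bSLEEP\s*\(", re.IGNORECASE),
    "benchmark": re.compile(r"\bBENCHMARK\s*\(", re.IGNORECASE),
    "comment": re.compile(r"--|#|/\*"),
}


def parse_cookie_header(header):
    """Split a raw Cookie header into (name, value) pairs. Values are
    URL-decoded because the first PoC on the page is percent-encoded."""
    pairs = []
    for part in header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep and name:
            pairs.append((name.strip(), unquote(value)))
    return pairs


def username_segment(cookie_value):
    """Reproduce the extraction the page describes (regex is an assumption):
    the text before the first '|' is the username; a value with no '|' is
    used whole, which is exactly what both PoC cookies rely on."""
    return re.sub(r"^([^|]+)\|.+", r"\1", cookie_value)


def sqli_indicators(cookie_header):
    """Return {cookie_name: [indicator, ...]} for every wordpress_logged_in*
    cookie whose username segment contains SQL syntax."""
    findings = {}
    for name, value in parse_cookie_header(cookie_header):
        if not COOKIE_NAME_RE.search(name):
            continue
        segment = username_segment(value)
        hits = [label for label, rx in SQL_INDICATORS.items() if rx.search(segment)]
        if hits:
            findings[name] = hits
    return findings


def timing_anomaly(elapsed_s, baseline_s, min_delta_s=4.0):
    """Time-based blind SQLi returns no error; flag responses that are much
    slower than the site's baseline. The 4 s delta is a tuning assumption
    chosen below the SLEEP(5) used in the PoCs."""
    return elapsed_s - baseline_s >= min_delta_s


def scan(records, baseline_s=0.15):
    """records: iterable of (cookie_header, elapsed_seconds) from an access
    log. Returns one verdict string per record."""
    verdicts = []
    for cookie_header, elapsed_s in records:
        sqli = sqli_indicators(cookie_header)
        slow = timing_anomaly(elapsed_s, baseline_s)
        if sqli and slow:
            verdicts.append("sqli+timing")
        elif sqli:
            verdicts.append("sqli")
        elif slow:
            verdicts.append("timing")
        else:
            verdicts.append("clean")
    return verdicts


# Constructed sample records (not real traffic). The first two carry the PoC
# cookie values quoted on the page; the remaining three are benign shapes.
SAMPLE_RECORDS = [
    ("wordpress_logged_in_1=%22%20AND%20%28SELECT%201%20FROM%20%28SELECT%28SLEEP%285%29%29A%29%20AND%20%221%22%3D%221", 5.21),
    ('wordpress_logged_in_dsadasdasd=" AND (SELECT 3809 FROM (SELECT(SLEEP(5)))RDVP) AND "HQDg"="HQDg', 5.18),
    ("wordpress_logged_in_abc=admin|1700000000|tokenvalue|hmacvalue; wp-settings-1=editor", 0.12),
    ('wordpress_logged_in_abc=admin|1700000000|"quoted"|hmac', 0.11),  # quote sits after '|', never reaches SQL
    ("PHPSESSID=deadbeef", 5.50),  # slow but no injection cookie: worth a look, not an SQLi hit
]

if __name__ == "__main__":
    for (cookie_header, _), verdict in zip(SAMPLE_RECORDS, scan(SAMPLE_RECORDS)):
        print(f"{verdict:12} {cookie_header[:60]}")
```

Feed `scan()` tuples built from your access log's Cookie field and upstream response time; a "timing" verdict on its own is only a lead, while "sqli" on a wordpress_logged_in* cookie is a strong signal regardless of status code.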