cbcvebase.

Emrevona Wp Fastest Cache Wordpress Cache Plugin vulnerabilities

18 known vulnerabilities affecting emrevona/wp_fastest_cache_wordpress_cache_plugin.

Total CVEs
18
CISA KEV
0
Public exploits
1
Exploited in wild
5
Severity breakdown
HIGH2MEDIUM16

Vulnerabilities

Page 1 of 1
CVE-2020-36836P2HIGHCVSS 8.1ExploitedPoCfixed in 0.9.0.32024-10-16
CVE-2020-36836 [HIGH] CWE-352 CVE-2020-36836: The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized arbitrary file deletion in v The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized arbitrary file deletion in versions up to, and including, 0.9.0.2 due to a lack of capability checking and insufficient path validation. This makes it possible for authenticated users with minimal permissions to delete arbitrary files from the server.
nvd
CVE-2023-1931P2MEDIUMCVSS 4.3Exploited≤ 1.1.22023-04-06
CVE-2023-1931 [MEDIUM] CWE-862 CVE-2023-1931: The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data loss due to a missing c The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the deleteCssAndJsCacheToolbar function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber-level access to perform cache deletion.
nvd
CVE-2023-1930P2MEDIUMCVSS 4.3Exploited≤ 1.1.22023-04-06
CVE-2023-1930 [MEDIUM] CWE-862 CVE-2023-1930: The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data deletion due to a missi The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data deletion due to a missing capability check on the wpfc_clear_cache_of_allsites_callback function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber-level access to delete caches.
nvd
CVE-2023-1929P2MEDIUMCVSS 4.3Exploited≤ 1.1.22023-04-06
CVE-2023-1929 [MEDIUM] CWE-862 CVE-2023-1929: The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data modification due to a m The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the wpfc_purgecache_varnish_callback function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber-level access to purge the varnish cache.
nvd
CVE-2023-1928P2MEDIUMCVSS 4.3Exploited≤ 1.1.22023-04-06
CVE-2023-1928 [MEDIUM] CWE-862 CVE-2023-1928: The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data modification due to a m The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the wpfc_preload_single_callback function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber-level access to initiate cache creation.
nvd
CVE-2024-4347P3HIGHCVSS 7.2≤ 1.2.62024-05-23
CVE-2024-4347 [HIGH] CWE-22 CVE-2024-4347: The WP Fastest Cache plugin for WordPress is vulnerable to Directory Traversal in all versions up to The WP Fastest Cache plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.2.6 via the specificDeleteCache function. This makes it possible for authenticated attackers to delete arbitrary files on the server, which can include wp-config.php files of the affected site or other sites in a shared hosting environme
nvd
CVE-2025-10476P4MEDIUMCVSS 4.3≤ 1.4.02025-11-27
CVE-2025-10476 [MEDIUM] CWE-862 CVE-2025-10476: The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized modification of data due to The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpfc_db_fix_callback() function in all versions up to, and including, 1.4.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to initiate several database fix actions. This on
nvd
CVE-2023-1375P4MEDIUMCVSS 4.3≤ 1.1.22023-06-09
CVE-2023-1375 [MEDIUM] CWE-862 CVE-2023-1375: The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized cache deletion in versions u The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized cache deletion in versions up to, and including, 1.1.2 due to a missing capability check in the deleteCacheToolbar function . This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete the site's cache.
nvd
CVE-2023-1921P4MEDIUMCVSS 4.3≤ 1.1.22023-04-06
CVE-2023-1921 [MEDIUM] CWE-352 CVE-2023-1921: The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_start_cdn_integration_ajax_request_callback function. This makes it possible for unauthenticated attackers to change cdn settings via a forged request granted th
nvd
CVE-2023-1923P4MEDIUMCVSS 4.3≤ 1.1.22023-04-06
CVE-2023-1923 [MEDIUM] CWE-352 CVE-2023-1923: The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_remove_cdn_integration_ajax_request_callback function. This makes it possible for unauthenticated attackers to change cdn settings via a forged request granted t
nvd
CVE-2023-1927P4MEDIUMCVSS 4.3≤ 1.1.22023-04-06
CVE-2023-1927 [MEDIUM] CWE-352 CVE-2023-1927: The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the deleteCssAndJsCacheToolbar function. This makes it possible for unauthenticated attackers to perform cache deletion via a forged request granted they can trick a site
nvd
CVE-2023-1922P4MEDIUMCVSS 4.3≤ 1.1.22023-04-06
CVE-2023-1922 [MEDIUM] CWE-352 CVE-2023-1922: The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_pause_cdn_integration_ajax_request_callback function. This makes it possible for unauthenticated attackers to change cdn settings via a forged request granted th
nvd
CVE-2023-1926P4MEDIUMCVSS 4.3≤ 1.1.22023-04-06
CVE-2023-1926 [MEDIUM] CWE-352 CVE-2023-1926: The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the deleteCacheToolbar function. This makes it possible for unauthenticated attackers to perform cache deletion via a forged request granted they can trick a site adminis
nvd
CVE-2023-1919P4MEDIUMCVSS 4.3≤ 1.1.22023-04-06
CVE-2023-1919 [MEDIUM] CWE-352 CVE-2023-1919: The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_preload_single_save_settings_callback function. This makes it possible for unauthenticated attackers to change cache-related settings via a forged request grante
nvd
CVE-2023-1918P4MEDIUMCVSS 4.3≤ 1.1.22023-04-06
CVE-2023-1918 [MEDIUM] CWE-352 CVE-2023-1918: The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_preload_single_callback function. This makes it possible for unauthenticated attackers to invoke a cache building action via a forged request granted they can tr
nvd
CVE-2023-1924P4MEDIUMCVSS 4.3≤ 1.1.22023-04-06
CVE-2023-1924 [MEDIUM] CWE-352 CVE-2023-1924: The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_toolbar_save_settings_callback function. This makes it possible for unauthenticated attackers to change cache settings via a forged request granted they can tric
nvd
CVE-2023-1925P4MEDIUMCVSS 4.3≤ 1.1.22023-04-06
CVE-2023-1925 [MEDIUM] CWE-352 CVE-2023-1925: The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_clear_cache_of_allsites_callback function. This makes it possible for unauthenticated attackers to clear caches via a forged request granted they can trick a sit
nvd
CVE-2023-1920P4MEDIUMCVSS 4.3≤ 1.1.22023-04-06
CVE-2023-1920 [MEDIUM] CWE-352 CVE-2023-1920: The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_purgecache_varnish_callback function. This makes it possible for unauthenticated attackers to purge the varnish cache via a forged request granted they can trick
nvd
Emrevona Wp Fastest Cache Wordpress Cache Plugin vulnerabilities | cvebase