WP Fastest Cache < 0.9.5 - Subscriber+ SQL Injection
CVE-2021-24869
Key Information:
- Vendor
- Wordpress
- Status
- Vendor
- CVE Published:
- 16 January 2024
Badges
Summary
A vulnerability exists in the WP Fastest Cache Plugin for WordPress prior to version 0.9.5 due to inadequate input sanitization in the set_urls_with_terms method. This flaw allows low privilege users, such as subscribers, to exploit the vulnerability, enabling them to manipulate SQL statements and potentially extract sensitive data from the database. The absence of proper escaping mechanisms for user inputs poses significant risks, particularly in environments where user roles are not tightly controlled.
Affected Version(s)
WP Fastest Cache 0 < 0.9.5
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V3.1
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved