Cross-Site Request Forgery Vulnerability in WP Fastest Cache Plugin for WordPress
CVE-2023-1923
4.3MEDIUM
What is CVE-2023-1923?
The WP Fastest Cache plugin for WordPress is susceptible to Cross-Site Request Forgery due to inadequate nonce validation in the wpfc_remove_cdn_integration_ajax_request_callback function. This vulnerability permits attackers, without authentication, to manipulate CDN settings by deceiving a site administrator into executing a malicious request, such as clicking on a specially crafted link. It highlights the importance of proper nonce validation to prevent unauthorized actions within WordPress plugins.
Affected Version(s)
WP Fastest Cache * <= 1.1.2