Cross-Site Request Forgery in WP Fastest Cache Plugin for WordPress
CVE-2023-1927

4.3MEDIUM

Key Information:

Vendor: Wordpress
Status: WP Fastest Cache
Vendor: CVE Published:; 6 April 2023

Summary

The WP Fastest Cache plugin for WordPress is subject to a Cross-Site Request Forgery vulnerability in versions up to and including 1.1.2. This flaw arises from inadequate nonce validation in the deleteCssAndJsCacheToolbar function. By exploiting this vulnerability, unauthenticated attackers can potentially delete cache files by deceiving an administrator into executing a malicious request, such as clicking a crafted link, thereby compromising the integrity of the cache management processes.

Affected Version(s)

WP Fastest Cache * <= 1.1.2

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/changeset/2893158/wp-f...

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Apr 6, 2023
Vulnerability Reserved
Apr 6, 2023

Credit

Marco Wotschka