Unauthorized Data Modification in WP Fastest Cache Plugin for WordPress
CVE-2023-1928

4.3MEDIUM

Key Information:

Vendor: Wordpress
Status: WP Fastest Cache
Vendor: CVE Published:; 6 April 2023

Summary

The WP Fastest Cache plugin for WordPress is affected by a vulnerability that allows authenticated attackers with subscriber-level access to modify data improperly. This is due to the absence of a capability check in the wpfc_preload_single_callback function, which may lead to cache creation being initiated by unauthorized users. This flaw is present in versions up to and including 1.1.2 of the plugin.

Affected Version(s)

WP Fastest Cache * <= 1.1.2

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/changeset/2893158/wp-f...

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 6, 2023
Vulnerability Reserved
Apr 6, 2023

Credit

Marco Wotschka