Unauthorized Data Deletion in WP Fastest Cache Plugin for WordPress
CVE-2023-1930
4.3MEDIUM
What is CVE-2023-1930?
The WP Fastest Cache plugin for WordPress has a serious security flaw that allows authenticated users with subscriber-level access to delete important cached data. This vulnerability arises from a lack of proper capability checks in the wpfc_clear_cache_of_allsites_callback function, present in versions up to and including 1.1.2. As a result, a malicious actor could exploit this gap to disrupt website functionality by removing cache files, potentially leading to performance degradation and user dissatisfaction.
Affected Version(s)
WP Fastest Cache * <= 1.1.2