WP Fastest Cache < 1.2.2 - Unauthenticated SQL Injection
CVE-2023-6063

7.5HIGH

Key Information:

Vendor: Wordpress
Status: WP Fastest Cache
Vendor: CVE Published:; 4 December 2023

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 56%

Summary

The WP Fastest Cache plugin for WordPress is susceptible to a SQL injection vulnerability due to inadequate sanitization and escaping of user-supplied data in SQL statements. This flaw enables unauthenticated attackers to execute arbitrary SQL queries, potentially compromising the integrity of the database and leading to unauthorized data access.

Affected Version(s)

WP Fastest Cache 0 < 1.2.2

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2023-6063-PoC
Created by motikan2010

CVE-2023-6063
Created by thesafdari

References

https://wpscan.com/vulnerability/30a74105-8ade-4198-abe2-...

exploitvdb-entrytechnical-description

https://wpscan.com/blog/unauthenticated-sql-injection-vul...

technical-description

EPSS Score

56% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 4, 2023
🟡
Public PoC available
Nov 16, 2023
👾
Exploit known to exist
Nov 16, 2023
Vulnerability Reserved
Nov 9, 2023

Credit

Alex Sanford

WPScan