Cross-Site Request Forgery Vulnerability in Clearfy Cache Plugin by WordPress
CVE-2024-13338
5.3 MEDIUM
Key Information:
- Vendor: WordPress
- CVE Published: 12 April 2025
Summary
The Clearfy Cache plugin for WordPress, which enhances site performance by optimizing caching, is affected by a Cross-Site Request Forgery (CSRF) vulnerability. The flaw arises from inadequate nonce validation in the wclearfy_cache_delete function, so the plugin cannot reliably tell whether a cache-delete request was intentionally issued by the administrator. By tricking an administrator into performing an action, such as clicking a deceptive link, an unauthenticated attacker can have the cache cleared through a forged request without holding the appropriate permissions, undermining the site's integrity.
Affected Version(s)
Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer * <= 2.3.1
CVSS V3.1
Score: 5.3
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Whit Taylor