CVE-2015-9316

Name of the Vulnerable Software and Affected Versions wp-fastest-cache plugin versions prior to 0.8.4.9

Description The issue concerns SQL injection in the wp-fastest-cache plugin for WordPress. This occurs in the "wp-admin/admin-ajax.php" endpoint, specifically when the action parameter is set to "wpfc wppolls ajax request" and the poll id parameter is manipulated.

Recommendations For versions prior to 0.8.4.9, update to version 0.8.4.9 or later to resolve the issue. As a temporary workaround, consider restricting access to the "wp-admin/admin-ajax.php" endpoint with the "wpfc wppolls ajax request" action to minimize the risk of exploitation. Avoid using the poll id parameter in the affected endpoint until the issue is resolved.