PT-2023-17349 · WordPress · Wp Fastest Cache

Marco Wotschka · Published 2023-04-06 · Updated 2023-04-13 · CVE-2023-1929

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

WP Fastest Cache plugin for WordPress versions up to, and including, 1.1.2

Description

The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the wpfc_purgecache_varnish_callback function. This makes it possible for authenticated attackers with subscriber-level access to purge the varnish cache.

Recommendations

For WP Fastest Cache plugin for WordPress versions up to, and including, 1.1.2, consider disabling the wpfc_purgecache_varnish_callback function until a patch is available to prevent unauthorized data modification.
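
One way to apply the recommendation without editing the plugin, shown as an added example (not WP Fastest Cache code and not part of the original advisory): a must-use plugin that runs ahead of the plugin's AJAX handler and supplies the missing capability check. The AJAX action name, the file path, the function name `guard_wpfc_require_admin` and the choice of `manage_options` as the required capability are assumptions; confirm the action name against the `add_action( 'wp_ajax_…' )` registration in the installed plugin source.

```php
<?php
/**
 * Plugin Name: Guard WPFC Varnish purge (interim mitigation example)
 * Description: Added example. Place in wp-content/mu-plugins/ (assumed path).
 */

// ASSUMPTION: the AJAX action under which the plugin registers its
// Varnish purge callback. Verify in the installed plugin's source.
const GUARD_WPFC_ACTION = 'wpfc_purgecache_varnish';

// Priority 0 runs before handlers registered at the default priority (10),
// so the check below executes before the plugin's own callback.
add_action( 'wp_ajax_' . GUARD_WPFC_ACTION, 'guard_wpfc_require_admin', 0 );

/**
 * Hypothetical guard: allow the purge only for users who can manage options.
 * Any other authenticated user (e.g. a subscriber) gets HTTP 403 and the
 * request ends here, so the unguarded callback never runs.
 */
function guard_wpfc_require_admin() {
    if ( current_user_can( 'manage_options' ) ) {
        return; // Authorized: fall through to the plugin's handler.
    }

    // Record the denied attempt so it is visible during log review.
    error_log( sprintf(
        'Denied %s AJAX call: user_id=%d ip=%s',
        GUARD_WPFC_ACTION,
        get_current_user_id(),
        isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown'
    ) );

    // Sends a JSON error with a 403 status and terminates the request.
    wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
}
```

Remove the file once the plugin has been updated past 1.1.2 to a release that includes the fix.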

Fix

Missing Authorization

Weakness Enumeration

Related Identifiers

CVE-2023-1929

Affected Products

Wp Fastest Cache