CVE-2021-24870

Name of the Vulnerable Software and Affected Versions WP Fastest Cache versions prior to 0.9.5

Description The issue is related to a lack of CSRF check in the wpfc save cdn integration AJAX action and insufficient sanitization and escaping of some options available via this action. This could allow attackers to make logged-in high-privilege users call the action and set a Cross-Site Scripting payload.

Recommendations For versions prior to 0.9.5, update to version 0.9.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the wpfc save cdn integration AJAX action until a patch is applied.