CVE-2024-12314

Name of the Vulnerable Software and Affected Versions Rapid Cache plugin for WordPress versions up to, and including, 1.2.3

Description The issue arises from the plugin storing HTTP headers in the cached data, making it possible for unauthenticated attackers to poison the cache with custom HTTP headers that may be unsanitized, leading to Cross-Site Scripting. This vulnerability can be exploited by attackers to inject malicious content into the cache, potentially affecting users who access the cached content.

Recommendations For versions up to, and including, 1.2.3, update to a version later than 1.2.3 to resolve the issue. As a temporary workaround, consider restricting access to the cache or disabling the storage of HTTP headers in the cached data until a patch is available. Avoid using unsanitized HTTP headers in the cache to minimize the risk of exploitation.