cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2020-36836,https://securityvulnerability.io/vulnerability/CVE-2020-36836,Unauthorized File Deletion Vulnerability in WP Fastest Cache,"The WP Fastest Cache plugin for WordPress is susceptible to a security flaw that permits authenticated users with minimal permissions to delete arbitrary files from the server. This vulnerability arises from inadequate capability checks and insufficient validation of file paths. Consequently, it poses a significant risk to the integrity of the server and its files, allowing potential exploitation by users with low-level access.",Wordpress,WP Fastest Cache,8.8,HIGH,0.00044999999227002263,false,,false,false,false,,false,false,2024-10-16T06:43:34.541Z,0
CVE-2024-4347,https://securityvulnerability.io/vulnerability/CVE-2024-4347,Dirty Cache Trouble: Vulnerability Affects WP Fastest Cache Plugin,"A directory traversal vulnerability exists in the WP Fastest Cache plugin for WordPress, affecting all versions up to and including 1.2.6. This vulnerability can be exploited through the specificDeleteCache function, allowing authenticated attackers to delete arbitrary files on the server. This includes sensitive configuration files like wp-config.php, which could jeopardize the security of the affected site, particularly in shared hosting environments. Prompt actions to update the affected plugin are highly recommended to mitigate potential risks.",Wordpress,WP Fastest Cache,7.2,HIGH,0.00044999999227002263,false,,false,false,false,,false,false,2024-05-23T05:32:15.439Z,0
CVE-2021-24870,https://securityvulnerability.io/vulnerability/CVE-2021-24870,WP Fastest Cache < 0.9.5 - CSRF to Stored Cross-Site Scripting,"The WP Fastest Cache WordPress plugin prior to version 0.9.5 is prone to vulnerabilities due to the absence of a Cross-Site Request Forgery (CSRF) check in its wpfc_save_cdn_integration AJAX action. Additionally, the plugin does not properly sanitize and escape some options available through this action, enabling attackers to compel authenticated users with high privileges to execute this action and potentially set a Cross-Site Scripting payload. This flaw poses a risk to the security integrity of websites utilizing the plugin, highlighting the need for users to upgrade to the latest version to mitigate potential exploits.",Wordpress,WP Fastest Cache,6.1,MEDIUM,0.0005300000193528831,false,,false,false,true,true,false,false,2024-01-16T15:49:40.356Z,0
CVE-2021-24869,https://securityvulnerability.io/vulnerability/CVE-2021-24869,WP Fastest Cache < 0.9.5 - Subscriber+ SQL Injection,"A vulnerability exists in the WP Fastest Cache Plugin for WordPress prior to version 0.9.5 due to inadequate input sanitization in the set_urls_with_terms method. This flaw allows low privilege users, such as subscribers, to exploit the vulnerability, enabling them to manipulate SQL statements and potentially extract sensitive data from the database. The absence of proper escaping mechanisms for user inputs poses significant risks, particularly in environments where user roles are not tightly controlled.",Wordpress,WP Fastest Cache,8.8,HIGH,0.0008399999933317304,false,,false,false,true,true,false,false,2024-01-16T15:49:39.970Z,0
CVE-2023-6063,https://securityvulnerability.io/vulnerability/CVE-2023-6063,WP Fastest Cache < 1.2.2 - Unauthenticated SQL Injection,"The WP Fastest Cache plugin for WordPress is susceptible to a SQL injection vulnerability due to inadequate sanitization and escaping of user-supplied data in SQL statements. This flaw enables unauthenticated attackers to execute arbitrary SQL queries, potentially compromising the integrity of the database and leading to unauthorized data access.",Wordpress,WP Fastest Cache,7.5,HIGH,0.5658599734306335,false,,false,false,true,true,false,false,2023-12-04T22:15:00.000Z,0
CVE-2023-1375,https://securityvulnerability.io/vulnerability/CVE-2023-1375,Unauthorized Cache Deletion in WP Fastest Cache Plugin for WordPress,"The WP Fastest Cache plugin for WordPress is susceptible to unauthorized cache deletion due to a lack of necessary capability checks within the deleteCacheToolbar function. This flaw allows authenticated attackers who possess subscriber-level permissions or higher to delete the site's cache, potentially disrupting site performance and availability.",Wordpress,WP Fastest Cache,4.3,MEDIUM,0.0007800000021234155,false,,false,false,false,,false,false,2023-06-09T06:15:00.000Z,0
CVE-2023-1938,https://securityvulnerability.io/vulnerability/CVE-2023-1938,WP Fatest Cache < 1.1.5 - Blind SSRF via CSRF,"The WP Fastest Cache plugin for WordPress, prior to version 1.1.5, exposes a vulnerability due to the absence of a CSRF check in its AJAX actions. This oversight allows for potential exploitation by unauthenticated users. Additionally, the plugin fails to properly validate user input when utilizing the wp_remote_get() function, which could lead to a Blind Server-Side Request Forgery (SSRF) attack. This flaw can be leveraged to make unauthorized requests to internal or external systems, potentially exposing sensitive data and leading to further compromise.",Wordpress,WP Fastest Cache,8.8,HIGH,0.0033599999733269215,false,,false,false,true,true,false,false,2023-05-30T08:15:00.000Z,0
CVE-2023-1929,https://securityvulnerability.io/vulnerability/CVE-2023-1929,Unauthorized Data Modification in WP Fastest Cache Plugin for WordPress,"The WP Fastest Cache plugin for WordPress suffers from a vulnerability that allows unauthenticated users with subscriber-level access to purge the varnish cache. This is due to a missing capability check in the wpfc_purgecache_varnish_callback function, potentially leading to unauthorized data modification. Users are urged to update to the latest version of the plugin to mitigate this risk.",Wordpress,WP Fastest Cache,4.3,MEDIUM,0.0006399999838322401,false,,false,false,false,,false,false,2023-04-06T21:15:00.000Z,0
CVE-2023-1928,https://securityvulnerability.io/vulnerability/CVE-2023-1928,Unauthorized Data Modification in WP Fastest Cache Plugin for WordPress,"The WP Fastest Cache plugin for WordPress is affected by a vulnerability that allows authenticated attackers with subscriber-level access to modify data improperly. This is due to the absence of a capability check in the wpfc_preload_single_callback function, which may lead to cache creation being initiated by unauthorized users. This flaw is present in versions up to and including 1.1.2 of the plugin.",Wordpress,WP Fastest Cache,4.3,MEDIUM,0.0006399999838322401,false,,false,false,false,,false,false,2023-04-06T21:15:00.000Z,0
CVE-2023-1930,https://securityvulnerability.io/vulnerability/CVE-2023-1930,Unauthorized Data Deletion in WP Fastest Cache Plugin for WordPress,"The WP Fastest Cache plugin for WordPress has a serious security flaw that allows authenticated users with subscriber-level access to delete important cached data. This vulnerability arises from a lack of proper capability checks in the wpfc_clear_cache_of_allsites_callback function, present in versions up to and including 1.1.2. As a result, a malicious actor could exploit this gap to disrupt website functionality by removing cache files, potentially leading to performance degradation and user dissatisfaction.",Wordpress,WP Fastest Cache,4.3,MEDIUM,0.0006399999838322401,false,,false,false,false,,false,false,2023-04-06T21:15:00.000Z,0
CVE-2023-1931,https://securityvulnerability.io/vulnerability/CVE-2023-1931,Unauthorized Data Loss Vulnerability in WP Fastest Cache for WordPress,"The WP Fastest Cache plugin for WordPress possesses a vulnerability that allows authenticated attackers with subscriber-level access to delete cached CSS and JS files due to a lack of adequate capability checks in the deleteCssAndJsCacheToolbar function. This flaw enables unauthorized data loss, posing a risk to site integrity and performance.",Wordpress,WP Fastest Cache,4.3,MEDIUM,0.0006399999838322401,false,,false,false,false,,false,false,2023-04-06T21:15:00.000Z,0
CVE-2023-1927,https://securityvulnerability.io/vulnerability/CVE-2023-1927,Cross-Site Request Forgery in WP Fastest Cache Plugin for WordPress,"The WP Fastest Cache plugin for WordPress is subject to a Cross-Site Request Forgery vulnerability in versions up to and including 1.1.2. This flaw arises from inadequate nonce validation in the deleteCssAndJsCacheToolbar function. By exploiting this vulnerability, unauthenticated attackers can potentially delete cache files by deceiving an administrator into executing a malicious request, such as clicking a crafted link, thereby compromising the integrity of the cache management processes.",Wordpress,WP Fastest Cache,4.3,MEDIUM,0.0008500000112690032,false,,false,false,false,,false,false,2023-04-06T21:15:00.000Z,0
CVE-2023-1920,https://securityvulnerability.io/vulnerability/CVE-2023-1920,Cross-Site Request Forgery Vulnerability in WP Fastest Cache Plugin for WordPress,"The WP Fastest Cache plugin for WordPress suffers from a Cross-Site Request Forgery vulnerability due to insufficient nonce validation in the wpfc_purgecache_varnish_callback function. This flaw allows unauthorized attackers to issue a cache purge request, potentially disrupting site performance. The exploit requires user interaction, as attackers need to trick site administrators into executing malicious links, resulting in unauthorized cache management.",Wordpress,WP Fastest Cache,4.3,MEDIUM,0.0008500000112690032,false,,false,false,false,,false,false,2023-04-06T20:15:00.000Z,0
CVE-2023-1918,https://securityvulnerability.io/vulnerability/CVE-2023-1918,Cross-Site Request Forgery Vulnerability in WP Fastest Cache Plugin for WordPress,"The WP Fastest Cache plugin for WordPress suffers from a Cross-Site Request Forgery vulnerability due to improper nonce validation in the wpfc_preload_single_callback function. This flaw allows unauthenticated attackers to trigger a cache building action by convincing a site administrator to click on a malicious link, potentially compromising the integrity and performance of the website. Administrators are strongly advised to update to the latest version to mitigate this risk.",Wordpress,WP Fastest Cache,4.3,MEDIUM,0.0008500000112690032,false,,false,false,false,,false,false,2023-04-06T20:15:00.000Z,0
CVE-2023-1919,https://securityvulnerability.io/vulnerability/CVE-2023-1919,Cross-Site Request Forgery Vulnerability in WP Fastest Cache Plugin for WordPress,"The WP Fastest Cache plugin for WordPress is susceptible to Cross-Site Request Forgery (CSRF) due to a lack of proper nonce validation in the wpfc_preload_single_save_settings_callback function. This enables attackers, without needing authentication, to manipulate cache-related settings by tricking site administrators into executing unintended actions through deceptive links. As a result, it poses a significant risk to site integrity and functionality.",Wordpress,WP Fastest Cache,4.3,MEDIUM,0.0008500000112690032,false,,false,false,false,,false,false,2023-04-06T20:15:00.000Z,0
CVE-2023-1921,https://securityvulnerability.io/vulnerability/CVE-2023-1921,Cross-Site Request Forgery Vulnerability in WP Fastest Cache Plugin for WordPress,"The WP Fastest Cache plugin for WordPress is susceptible to Cross-Site Request Forgery due to insufficient nonce validation in the wpfc_start_cdn_integration_ajax_request_callback function. This vulnerability allows unauthenticated attackers to manipulate CDN settings, provided they can deceive an administrator into executing a forged request, typically by clicking on a malicious link. Users of versions up to and including 1.1.2 are urged to apply security updates to mitigate this risk.",Wordpress,WP Fastest Cache,4.3,MEDIUM,0.0008500000112690032,false,,false,false,false,,false,false,2023-04-06T20:15:00.000Z,0
CVE-2023-1922,https://securityvulnerability.io/vulnerability/CVE-2023-1922,Cross-Site Request Forgery Vulnerability in WP Fastest Cache for WordPress,"The WP Fastest Cache plugin for WordPress contains a Cross-Site Request Forgery vulnerability due to inadequate nonce validation in the wpfc_pause_cdn_integration_ajax_request_callback function. This flaw allows unauthenticated attackers to exploit the vulnerability by convincing a site administrator to execute a crafted request, potentially altering CDN settings without proper authorization. Users of the plugin are encouraged to update to the latest version to mitigate this risk.",Wordpress,WP Fastest Cache,4.3,MEDIUM,0.0008500000112690032,false,,false,false,false,,false,false,2023-04-06T20:15:00.000Z,0
CVE-2023-1923,https://securityvulnerability.io/vulnerability/CVE-2023-1923,Cross-Site Request Forgery Vulnerability in WP Fastest Cache Plugin for WordPress,"The WP Fastest Cache plugin for WordPress is susceptible to Cross-Site Request Forgery due to inadequate nonce validation in the wpfc_remove_cdn_integration_ajax_request_callback function. This vulnerability permits attackers, without authentication, to manipulate CDN settings by deceiving a site administrator into executing a malicious request, such as clicking on a specially crafted link. It highlights the importance of proper nonce validation to prevent unauthorized actions within WordPress plugins.",Wordpress,WP Fastest Cache,4.3,MEDIUM,0.0007800000021234155,false,,false,false,false,,false,false,2023-04-06T20:15:00.000Z,0
CVE-2023-1924,https://securityvulnerability.io/vulnerability/CVE-2023-1924,Cross-Site Request Forgery in WP Fastest Cache Plugin for WordPress,"The WP Fastest Cache plugin for WordPress is susceptible to Cross-Site Request Forgery due to inadequate nonce validation in the wpfc_toolbar_save_settings_callback function. This flaw allows malicious actors to execute unauthorized changes to cache settings by inducing site administrators into performing unintended actions, such as clicking a deceptive link. This vulnerability underscores the importance of robust nonce validation to protect against CSRF attacks.",Wordpress,WP Fastest Cache,4.3,MEDIUM,0.0008500000112690032,false,,false,false,false,,false,false,2023-04-06T20:15:00.000Z,0
CVE-2023-1925,https://securityvulnerability.io/vulnerability/CVE-2023-1925,Cross-Site Request Forgery in WP Fastest Cache Plugin for WordPress,"The WP Fastest Cache plugin for WordPress has a vulnerability that allows unauthenticated attackers to exploit improper nonce validation in the wpfc_clear_cache_of_allsites_callback function. This issue enables adversaries to clear website caches by tricking an administrator into clicking a malicious link, potentially leading to significant disruption and performance issues for affected sites.",Wordpress,WP Fastest Cache,4.3,MEDIUM,0.0008500000112690032,false,,false,false,false,,false,false,2023-04-06T20:15:00.000Z,0
CVE-2023-1926,https://securityvulnerability.io/vulnerability/CVE-2023-1926,Cross-Site Request Forgery in WP Fastest Cache Plugin for WordPress,"The WP Fastest Cache plugin for WordPress is susceptible to a Cross-Site Request Forgery (CSRF) attack due to insufficient nonce validation in the deleteCacheToolbar function. An attacker can exploit this vulnerability by tricking a site administrator into executing a malicious request, allowing unauthorized cache deletion. This poses a risk to the integrity of the website's caching system, potentially leading to service disruption and affecting the user experience.",Wordpress,WP Fastest Cache,4.3,MEDIUM,0.0008500000112690032,false,,false,false,false,,false,false,2023-04-06T20:15:00.000Z,0
CVE-2015-9316,https://securityvulnerability.io/vulnerability/CVE-2015-9316,,The wp-fastest-cache plugin before 0.8.4.9 for WordPress has SQL injection in wp-admin/admin-ajax.php?action=wpfc_wppolls_ajax_request via the poll_id parameter.,Wordpress,WP Fastest Cache,9.8,CRITICAL,0.0028800000436604023,false,,false,false,false,,false,false,2019-08-14T14:48:11.000Z,0
CVE-2019-13635,https://securityvulnerability.io/vulnerability/CVE-2019-13635,,The WP Fastest Cache plugin through 0.8.9.5 for WordPress allows wpFastestCache.php and inc/cache.php Directory Traversal.,Wordpress,WP Fastest Cache,9.1,CRITICAL,0.0066200001165270805,false,,false,false,false,,false,false,2019-07-30T12:20:44.000Z,0
CVE-2019-6726,https://securityvulnerability.io/vulnerability/CVE-2019-6726,,The WP Fastest Cache plugin through 0.8.9.0 for WordPress allows remote attackers to delete arbitrary files because wp_postratings_clear_fastest_cache and rm_folder_recursively in wpFastestCache.php mishandle ../ in an HTTP Referer header.,Wordpress,WP Fastest Cache,6.5,MEDIUM,0.01331000030040741,false,,false,false,false,,false,false,2019-07-29T15:20:10.000Z,0
CVE-2018-17586,https://securityvulnerability.io/vulnerability/CVE-2018-17586,,The WP Fastest Cache plugin 0.8.8.5 for WordPress has XSS via the rules[0][content] parameter in a wpfc_save_timeout_pages action.,Wordpress,WP Fastest Cache,6.1,MEDIUM,0.0016899999463930726,false,,false,false,false,,false,false,2019-04-15T19:45:15.000Z,0