WordPress Plugin Vulnerabilities

WP Fatest Cache < 1.1.3 - Multiple CSRF

Description

The plugin does not have CSRF checks in various functions, which could allow attackers to make logged in admins perform unwanted actions (such as update CDN/Cache settings ) via CSRF attacks

Affects Plugins

Plugin icon
wp-fastest-cache
Fixed in 1.1.3

References

CVE
CVE-2023-1919
CVE
CVE-2023-1920
CVE
CVE-2023-1921
CVE
CVE-2023-1923
CVE
CVE-2023-1924
CVE
CVE-2023-1925
CVE
CVE-2023-1926
CVE
CVE-2023-1927

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
3.7 (low)

Miscellaneous

Original Researcher
Marco Wotschka
Verified
No
WPVDB ID
fd1ed3d9-2132-4a3c-8b17-67d393969b46

Timeline

Publicly Published
2023-04-06 (about 2 years ago)
Added
2023-04-07 (about 2 years ago)
Last Updated
2023-04-07 (about 2 years ago)

Other

Published
Title
Published
2025-07-30
Title
Connector for Gravity Forms and Google Sheets < 1.2.5 - Cross-Site Request Forgery
Published
2025-05-16
Title
SEO Flow by LupsOnline < 3.0.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2020-09-26
Title
Customizr < 4.3.1 - Arbitrary Settings Update via CSRF
Published
2025-02-20
Title
WPUpper Share Buttons < 3.52 - Cross-Site Request Forgery to Custom CSS Update
Published
2022-09-26
Title
Oceanwp Sticky Header <= 1.0.8 - CSRF