WordPress Plugin Vulnerabilities

WP Fatest Cache < 1.1.3 - Multiple CSRF

Description

The plugin does not have CSRF checks in various functions, which could allow attackers to make logged in admins perform unwanted actions (such as update CDN/Cache settings ) via CSRF attacks

Affects Plugins

Plugin icon
wp-fastest-cache
Fixed in 1.1.3

References

CVE
CVE-2023-1919
CVE
CVE-2023-1920
CVE
CVE-2023-1921
CVE
CVE-2023-1923
CVE
CVE-2023-1924
CVE
CVE-2023-1925
CVE
CVE-2023-1926
CVE
CVE-2023-1927

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
3.7 (low)

Miscellaneous

Original Researcher
Marco Wotschka
Verified
No
WPVDB ID
fd1ed3d9-2132-4a3c-8b17-67d393969b46

Timeline

Publicly Published
2023-04-06 (about 3 years ago)
Added
2023-04-07 (about 3 years ago)
Last Updated
2026-04-13 (about 18 days ago)

Other

Published
Title
Published
2021-12-09
Title
tarteaucitron.js - Cookies legislation & GDPR < 1.6 - CSRF to Stored Cross-Site Scripting
Published
2025-04-24
Title
Call Now PHT Blog <= 2.4.1 - Cross-Site Request Forgery
Published
2014-08-01
Title
GuiForm 1.4.10 - class/class-ajax.php Entry Saving CSRF
Published
2025-02-18
Title
Disable Auto Updates <= 1.4 - Cross-Site Request Forgery to Auto-update Disable
Published
2014-08-01
Title
Euclid - CSRF