CVE-2024-12314 HIGH

CVE-2024-12314: Rapid Cache <= 1.2.3 - Unauthenticated Cache Poisoning

Vendor Megaoptim
Product Rapid Cache
Weakness CWE-524
Published February 18, 2025
Last update April 8, 2026

CVSS base score

7.2/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

The Rapid Cache plugin for WordPress is vulnerable to Cache Poisoning in all versions up to, and including, 1.2.3. This is due to plugin storing HTTP headers in the cached data. This makes it possible for unauthenticated attackers to poison the cache with custom HTTP headers that may be unsanitized which can lead to Cross-Site Scripting.

Key dates

02Disclosure timeline

February 18, 2025 CVE published
April 8, 2026 Record updated