CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
What the vulnerability does
The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpfc_db_fix_callback() function in all versions up to, and including, 1.4.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to initiate several database fix actions. This only affects sites with premium activated.
Explanation of Vulnerability in Simple Terms
WP Fastest Cache versions up to 1.4.0 lack proper authorization checks, allowing authenticated users with low privileges to modify site settings they should not access. An attacker with a basic WordPress account can change cache configuration without proper permission validation. This affects the plugin's administrative functions and could lead to unintended cache behavior or site performance issues.
What an attacker can do
Modify cache plugin settings without proper authorization.
Potential impact on your site
Unauthorized users can alter cache configuration, potentially degrading site performance or exposing cached data.
Conditions required to exploit
Attacker needs a low-privilege WordPress user account (e.g., subscriber or contributor).
Key dates
External resources
Related vulnerabilities
