← back
CVE-2023-1938

WP Fatest Cache < 1.1.5 - Blind SSRF via CSRF

CVSS 8.8 HIGHEPSS 8.5%
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 8.8EPSS 8.5%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
30 May 2023Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The WP Fastest Cache WordPress plugin before 1.1.5 does not have CSRF check in an AJAX action, and does not validate user input before using it in the wp_remote_get() function, leading to a Blind SSRF issue
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
Unknown · WP Fastest Cache

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://wpscan.com/vulnerability/92b1c6d8-51db-46aa-bde6-abdfb091aab5