6.1
CVE-2021-24870
- EPSS 0.13%
- Published 16.01.2024 16:15:09
- Last modified 12.05.2025 15:15:54
- Source contact@wpscan.com
WP Fastest Cache < 0.9.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting
The WP Fastest Cache WordPress plugin before 0.9.5 is lacking a CSRF check in its wpfc_save_cdn_integration AJAX action, and does not sanitise and escape some of the options available via the action, which could allow attackers to make logged-in high-privilege users call it and set a Cross-Site Scripting payload.
Possible mitigation
WP Fastest Cache: Update to version 0.9.5, or a newer patched version
Further vulnerability information
System: WordPress Plugin ≫ Product: WP Fastest Cache
Version: [*, 0.9.5)
Data provided by the National Vulnerability Database (NVD)
Wpfastestcache ≫ Wp Fastest Cache, SwPlatform: wordpress, Version < 0.9.5
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.13% | 0.333 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.1 | 2.8 | 2.7 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 6.1 | 2.8 | 2.7 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
CWE-352 Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.