7.2
CVE-2024-12314
- EPSS 0.38%
- Published 18.02.2025 05:15:09
- Last modified 24.02.2025 12:40:54
- Source security@wordfence.com
Rapid Cache <= 1.2.3 - Unauthenticated Cache Poisoning
The Rapid Cache plugin for WordPress is vulnerable to Cache Poisoning in all versions up to, and including, 1.2.3. This is due to the plugin storing HTTP headers in the cached data. This makes it possible for unauthenticated attackers to poison the cache with custom HTTP headers that may be unsanitized, which can lead to Cross-Site Scripting.
Possible mitigation
Rapid Cache: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
Further vulnerability information
- System: WordPress Plugin
- Product: Rapid Cache
- Version: *-1.2.3
Data provided by the National Vulnerability Database (NVD)
Megaoptim ≫ Rapid Cache, SwPlatform: wordpress, Version <= 1.2.3

| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.38% | 0.59 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@wordfence.com | 7.2 | 3.9 | 2.7 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N |

CWE-524 Use of Cache Containing Sensitive Information
The code uses a cache that contains sensitive information, but the cache can be read by an actor outside of the intended control sphere.