CVE-2023-1938

Summary

The WP Fastest Cache WordPress plugin before 1.1.5 does not have CSRF check in an AJAX action, and does not validate user input before using it in the wp_remote_get() function, leading to a Blind SSRF issue

Affected Software

VendorProductVersion RangeStatus
UnknownWP Fastest Cache0 < 1.1.5affected

Weaknesses

  • CWE-918 Server-Side Request Forgery (SSRF)
  • CWE-352 Cross-Site Request Forgery (CSRF)

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

References