CVE-2023-1931

2023-04-0621:15:07

Wordfence

web.nvd.nist.gov

wp fastest cache

wordpress

vulnerability

cve-2023-1931

unauthorized access

data loss

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

AI Score

4.5

Confidence

High

EPSS

0.001

Percentile

40.5%

JSON

The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the deleteCssAndJsCacheToolbar function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber-level access to perform cache deletion.

Affected configurations

Nvd

Vulners

Node

wpfastestcachewp_fastest_cacheRange≤1.1.2wordpress

VendorProductVersionCPE
wpfastestcachewp_fastest_cache*cpe:2.3:a:wpfastestcache:wp_fastest_cache:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
wpfastestcache	wp_fastest_cache	*	cpe:2.3:a:wpfastestcache:wp_fastest_cache::::::wordpress::*

CNA Affected

[
  {
    "vendor": "emrevona",
    "product": "WP Fastest Cache",
    "versions": [
      {
        "version": "*",
        "status": "affected",
        "lessThanOrEqual": "1.1.2",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]