Vulnerability CVE-2018-17584


Published: 2019-04-15

Description:
The WP Fastest Cache plugin 0.8.8.5 for WordPress has CSRF via the wp-admin/admin.php wpfastestcacheoptions page.

Type:

CWE-352

(Cross-Site Request Forgery (CSRF))

Vendor: Wpfastestcache
Product: Wp fastest cache 
Version: 0.8.8.5;

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.8/10
6.4/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

 References:
https://ansawaf.blogspot.com/2019/04/csrf-multiple-stored-xss-in-wp-fastest.html
https://docs.google.com/document/d/17JSC97ecikWalB_ZTScNipFoud2aFXb5mXEZ7g-KIQI/edit?usp=sharing

Related CVE
CVE-2018-17586
The WP Fastest Cache plugin 0.8.8.5 for WordPress has XSS via the rules[0][content] parameter in a wpfc_save_timeout_pages action.
CVE-2018-17585
The WP Fastest Cache plugin 0.8.8.5 for WordPress has XSS via the wpfastestcacheoptions wpFastestCachePreload_number or wpFastestCacheLanguage parameter.
CVE-2018-17583
The WP Fastest Cache plugin 0.8.8.5 for WordPress has XSS via the rules[0][content] parameter in a wpfc_save_exclude_pages action.
CVE-2015-4089
Multiple cross-site request forgery (CSRF) vulnerabilities in the optionsPageRequest function in admin.php in WP Fastest Cache plugin before 0.8.3.5 for WordPress allow remote attackers to hijack the authentication of unspecified victims for requests...

Copyright 2019, cxsecurity.com

 

Back to Top