CVE-2015-4089

Published: Sep 19, 2017Modified: May 13, 2026

8.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in the optionsPageRequest function in admin.php in WP Fastest Cache plugin before 0.8.3.5 for WordPress allow remote attackers to hijack the authentication of unspecified victims for requests that call the (1) saveOption, (2) deleteCache, (3) deleteCssAndJsCache, or (4) addCacheTimeout method via the wpFastestCachePage parameter in the WpFastestCacheOptions/ page.

Affected (1)

Products: Wpfastestcache: Wp Fastest Cache

1 product

Wp Fastest Cache

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Wpfastestcache Wp Fastest Cache	Up to 0.8.3.4

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (6)

http://www.openwall.com/lists/oss-security/2015/05/26/20

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://wordpress.org/plugins/wp-fastest-cache/#developers

Source: cve@mitre.org

Third Party Advisory

https://wpvulndb.com/vulnerabilities/9756

Source: cve@mitre.org

http://www.openwall.com/lists/oss-security/2015/05/26/20

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://wordpress.org/plugins/wp-fastest-cache/#developers

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://wpvulndb.com/vulnerabilities/9756

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.