CVE-2021-24870

Published: Jan 16, 2024Modified: May 12, 2025

6.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

The WP Fastest Cache WordPress plugin before 0.9.5 is lacking a CSRF check in its wpfc_save_cdn_integration AJAX action, and does not sanitise and escape some the options available via the action, which could allow attackers to make logged in high privilege users call it and set a Cross-Site Scripting payload

Affected (1)

Products: Wpfastestcache: Wp Fastest Cache

1 product

Wp Fastest Cache

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Wpfastestcache Wp Fastest Cache	Before 0.9.5

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (4)

https://jetpack.com/2021/10/14/multiple-vulnerabilities-in-wp-fastest-cache-plugin/

Source: contact@wpscan.com

ExploitThird Party Advisory

https://wpscan.com/vulnerability/48de63ab-2ef1-4469-8fc4-9346068bdf06/

Source: contact@wpscan.com

Third Party Advisory

https://jetpack.com/2021/10/14/multiple-vulnerabilities-in-wp-fastest-cache-plugin/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://wpscan.com/vulnerability/48de63ab-2ef1-4469-8fc4-9346068bdf06/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.