CVE-2021-24870

The WP Fastest Cache WordPress plugin before 0.9.5 is lacking a CSRF check in its wpfc_save_cdn_integration AJAX action, and does not sanitise and escape some the options available via the action, which could allow attackers to make logged in high privilege users call it and set a Cross-Site Scripting payload
Configurations

Configuration 1 (hide)

cpe:2.3:a:wpfastestcache:wp_fastest_cache:*:*:*:*:*:wordpress:*:*

History

21 Nov 2024, 05:53

Type Values Removed Values Added
References () https://jetpack.com/2021/10/14/multiple-vulnerabilities-in-wp-fastest-cache-plugin/ - Exploit, Third Party Advisory () https://jetpack.com/2021/10/14/multiple-vulnerabilities-in-wp-fastest-cache-plugin/ - Exploit, Third Party Advisory
References () https://wpscan.com/vulnerability/48de63ab-2ef1-4469-8fc4-9346068bdf06/ - Third Party Advisory () https://wpscan.com/vulnerability/48de63ab-2ef1-4469-8fc4-9346068bdf06/ - Third Party Advisory

19 Jan 2024, 15:25

Type Values Removed Values Added
New CVE

Information

Published : 2024-01-16 16:15

Updated : 2024-11-21 05:53


NVD link : CVE-2021-24870

Mitre link : CVE-2021-24870

CVE.ORG link : CVE-2021-24870


JSON object : View

Products Affected

wpfastestcache

  • wp_fastest_cache
CWE
CWE-352

Cross-Site Request Forgery (CSRF)