CVE-2023-6063

Published: 04/12/2023 Updated: 08/12/2023
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

The WP Fastest Cache WordPress plugin prior to 1.2.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users.

Vulnerable Product

wpfastestcache wp fastest cache

Vendor Advisories

Check Point Reference: CPAI-2023-1241 Date Published: 28 Nov 2023 Severity: High ...

Exploits

WordPress WP Fastest Cache plugin version 1.2.2 suffers from an unauthenticated remote SQL injection vulnerability ...

Github Repositories

Here you will find different scripts that will help us detect newly discovered CVEs

CVE-Scan
Here you will find different scripts that will help us detect newly discovered CVEs

SNo  CVE            Scan Link
1    CVE-2023-5360  github.com/IRB0T/CVE-Scan/tree/main/CVE-2023-5360-Scan
2    CVE-2023-4666  github.com/IRB0T/CVE-Scan/tree/main/CVE-2023-4666-Scan
3    CVE-2023-6063  github.com/IRB0T/CVE-Scan/tree/main/cve-2023-6063-Scan
4    EmbedPre

wordpress-exploit
Mass Exploit - CVE-2023-38389 < Wordpress < JupiterX Core < Unauthenticated Account Takeover: github.com/codeb0ss/CVE-2023-38389-PoC
Automatic Mass Tool for checking vulnerability in CVE-2022-4060 - WordPress Plugin : User Post Gallery <= 219 - Unauthenticated RCE: github.com/im-hanzou/UPGer
CVE-2022-4061 - JobBoardWP

CVE-2023-6063 (WP Fastest Cache < 1.2.2 - UnAuth SQL Injection)

CVE-2023-6063 PoC
Reference: Unauthenticated SQL Injection Vulnerability Addressed in WP Fastest Cache 1.2.2 | WPScan
Plugin setting: Enable "WP Fastest Cache"
PoC: The "wordpress_logged_in" cookie parameter is vulnerable
$ python sqlmap.py --dbms=mysql -u "127.0.0.1/wp-login.php" --cookie='wordpress_logged_in=*' --level=2 --sche

Exploiting SQL Injection Vulnerability in WP Fastest Cache (CVE-2023-6063)

CVE-2023-6063-PoC Exploiting SQL Injection Vulnerability in WP Fastest Cache (CVE-2023-6063)