Vulnerability Details : CVE-2023-1930

The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data deletion due to a missing capability check on the wpfc_clear_cache_of_allsites_callback function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber-level access to delete caches.

Published 2023-04-06 21:15:08

Updated 2023-04-13 13:16:49

Source Wordfence

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2023-1930

Probability of exploitation activity in the next 30 days: 0.05%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 12 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2023-1930

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
4.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	2.8	1.4	[email protected]
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: Low Availability: None
4.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	2.8	1.4	[email protected]
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: Low Availability: None

CWE ids for CVE-2023-1930

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Assigned by: [email protected] (Primary)

References for CVE-2023-1930

Products affected by CVE-2023-1930

Wpfastestcache » Wp Fastest Cache » For Wordpress
Versions up to, including, (<=) 1.1.2
cpe:2.3:a:wpfastestcache:wp_fastest_cache:*:*:*:*:*:wordpress:*:*
Matching versions