High-severity vulnerability found in WP Fastest Cache WordPress plugin
A vulnerability has been discovered in the WP Fastest Cache plugin that allows unauthenticated attackers to read the contents of the site’s database.
Hadrian recommends updating WP Fastest Cache to version 1.2.2 or greater.
What is the WP Fastest Cache vulnerability?
The WP Fastest Cache vulnerability (CVE-2023-6063) is an SQL injection vulnerability that could allow unauthenticated attackers to read the contents of the site’s database. SQL injection is a class of attack in which untrusted input changes the structure of a SQL query, which can allow an attacker to read and modify data, exfiltrate files or execute commands.
This particular vulnerability could allow an attacker to gain unauthorized access to the site’s database. The flaw lies in the is_user_admin function of the plugin’s WpFastestCacheCreateCache class. The function is intended to check the $username value taken from any cookie whose name contains the text wordpress_logged_in. Because that cookie value is not sanitized before use, an attacker who controls the cookie can alter the value and gain access to the WordPress database.
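To make the flaw class concrete, here is an added illustration of the unsafe pattern the advisory describes beside its parameterised form. It is hypothetical code written for this article, not the plugin’s own source; the WordPress globals $wpdb and $_COOKIE, the users table, and the standard logged-in cookie layout are assumptions.

```php
<?php
// Hypothetical illustration written for this article, not the plugin's source.
// Assumes WordPress globals: $wpdb (database handle), $_COOKIE, and the
// standard logged-in cookie layout "user_login|expiry|token|hmac".

// Take the user_login field from any cookie whose name contains
// "wordpress_logged_in", mirroring the lookup the advisory describes.
function username_from_login_cookie(array $cookies): ?string {
    foreach ($cookies as $name => $value) {
        if (strpos($name, 'wordpress_logged_in') !== false) {
            $parts = explode('|', (string) $value);
            return $parts[0];
        }
    }
    return null;
}

// Unsafe pattern: a client-controlled cookie value is concatenated into
// the SQL text, so it can change the query rather than just its data.
function is_user_admin_unsafe($wpdb, string $username): bool {
    $sql     = "SELECT ID FROM {$wpdb->users} WHERE user_login = '{$username}'";
    $user_id = $wpdb->get_var($sql);
    return $user_id !== null && user_can((int) $user_id, 'manage_options');
}

// Hardened pattern: $wpdb->prepare() binds the value with a %s placeholder,
// so it is always treated as a string literal, never as SQL.
function is_user_admin_hardened($wpdb, string $username): bool {
    $sql = $wpdb->prepare(
        "SELECT ID FROM {$wpdb->users} WHERE user_login = %s",
        $username
    );
    $user_id = $wpdb->get_var($sql);
    return $user_id !== null && user_can((int) $user_id, 'manage_options');
}

// Stronger still: let WordPress verify the cookie's signature instead of
// trusting the username it carries; wp_validate_auth_cookie() returns a
// user ID on success or false otherwise.
function admin_from_verified_cookie(): bool {
    $user_id = wp_validate_auth_cookie('', 'logged_in');
    return $user_id !== false && user_can($user_id, 'manage_options');
}

$username = username_from_login_cookie($_COOKIE);
if ($username !== null) {
    $is_admin = is_user_admin_hardened($GLOBALS['wpdb'], $username);
}
```

Even the parameterised query still trusts a username from an unsigned cookie, so a plugin that needs to know who is logged in should rely on the signature check in the last function rather than on the cookie contents alone.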
WordPress databases can contain sensitive information such as user data, account passwords, plugin details and configuration settings. Alex Sanford at WPScan discovered this vulnerability. Exploitability has yet to be confirmed; WPScan will publish a proof of concept on 27 November.
What does WP Fastest Cache do?
WP Fastest Cache is an optimization tool that improves a website’s performance and reduces the server load of serving a page. Site speed is important to many administrators because Google’s search ranking algorithm considers page load time as a factor. Lower system load matters because it allows a server to support more simultaneous page requests.
The utility of the plugin has led to its widespread adoption. Statistics available on WordPress.org show that WP Fastest Cache has been downloaded over 45 million times and is actively used on over a million sites. Bleeping Computer has reported that the vulnerability impacts 600,000 websites.
The plugin should be updated immediately to version 1.2.2, which was released on 13 November.
WordPress is often targeted because it is used on over 40% of all websites and has a large number of third-party plugins. Threat actors commonly use poorly maintained plugins as an entry vector when launching their attacks.
Organizations should implement an external exposure management solution to identify risks before they are exploited. Get in touch with our experts to learn more.