WordPress WP Fastest Cache plugin <= 0.8.5.8 - Cross-Site Request Forgery (CSRF)/Cross-Site Scripting (XSS) Vulnerabilities

wp-fastest-cache

Software: WP Fastest Cache
Versions: <= 0.8.5.8
Disclosure date: 2017-06-20
CVE: CVE-N/A
Classification: Multiple Vulnerabilities
OWASP Top 10:

Details

Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) vulnerabilities were found in the WordPress WP Fastest Cache plugin <= v0.8.5.8. The settings are neither sanitized nor escaped, so the plugin is prone to Cross-Site Scripting (XSS). The settings form is also missing a nonce.
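The two defenses the details above call for, a nonce on the settings form and sanitizing on save with escaping on output, shown as an added example for a generic WordPress settings page. This is not WP Fastest Cache's code or its actual patch; every `demo_cache_*` option, action and function name is hypothetical.

```php
<?php
// Added illustration: a hypothetical plugin settings page, not WP Fastest Cache code.
// All demo_cache_* names are assumptions made for this example.

// Render the form. The nonce field ties the request to the admin's session
// (CSRF defense); esc_attr() neutralizes markup in the stored value (XSS defense).
function demo_cache_render_settings() {
    if ( ! current_user_can( 'manage_options' ) ) {
        return;
    }
    $exclude = get_option( 'demo_cache_exclude', '' );
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="demo_cache_save">
        <?php wp_nonce_field( 'demo_cache_save', 'demo_cache_nonce' ); ?>
        <input type="text" name="demo_cache_exclude"
               value="<?php echo esc_attr( $exclude ); ?>">
        <?php submit_button(); ?>
    </form>
    <?php
}

// Save handler. Capability and nonce are verified before any option is written.
function demo_cache_save_settings() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }
    // Terminates the request if the nonce is missing or invalid.
    check_admin_referer( 'demo_cache_save', 'demo_cache_nonce' );

    $raw = isset( $_POST['demo_cache_exclude'] )
        ? wp_unslash( $_POST['demo_cache_exclude'] )
        : '';
    // Strip tags and stray whitespace before the value is stored.
    update_option( 'demo_cache_exclude', sanitize_text_field( $raw ) );

    // 'demo-cache' is the hypothetical settings page slug.
    wp_safe_redirect( admin_url( 'options-general.php?page=demo-cache' ) );
    exit;
}
add_action( 'admin_post_demo_cache_save', 'demo_cache_save_settings' );
```

Sanitizing on save and escaping on output are both kept: values written before a fix, or by another code path, are still rendered safely.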

Solution

Update the plugin.
