CVE-2015-4089

HIGH

WP Fastest Cache < 0.8.3.5 - Cross-Site Request Forgery via optionsPageRequest

Title source: llm
STIX 2.1

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in the optionsPageRequest function in admin.php in WP Fastest Cache plugin before 0.8.3.5 for WordPress allow remote attackers to hijack the authentication of unspecified victims for requests that call the (1) saveOption, (2) deleteCache, (3) deleteCssAndJsCache, or (4) addCacheTimeout method via the wpFastestCachePage parameter in the WpFastestCacheOptions/ page.

References (3)

Core 3
Core References
Third Party Advisory x_refsource_confirm
https://wordpress.org/plugins/wp-fastest-cache/#developers
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2015/05/26/20
Third Party Advisory x_refsource_misc
https://wpvulndb.com/vulnerabilities/9756

Scores

CVSS v3 8.8
EPSS 0.0099
EPSS Percentile 58.3%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-352
Status published
Products (1)
wpfastestcache/wp_fastest_cache < 0.8.3.4
Published Sep 19, 2017
Tracked Since Feb 18, 2026