CVE-2021-24870

MEDIUM

WP Fastest Cache < 0.9.5 - CSRF & Stored XSS via wpfc_save_cdn_integration

Title source: llm

Description

The WP Fastest Cache WordPress plugin before 0.9.5 lacks a CSRF check in its wpfc_save_cdn_integration AJAX action, and does not sanitise and escape some of the options available via the action, which could allow attackers to make logged-in high-privilege users call it and set a Cross-Site Scripting payload.

References (2)

Core References
Third Party Advisory exploit vdb-entry technical-description
https://wpscan.com/vulnerability/48de63ab-2ef1-4469-8fc4-9346068bdf06/

Scores

CVSS v3 6.1
EPSS 0.0025
EPSS Percentile 16.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-352
Status published
Products (1)
wpfastestcache/wp_fastest_cache < 0.9.5
Published Jan 16, 2024
Tracked Since Feb 18, 2026