In a recent development, the WPScan team has unearthed a significant security flaw within the widely-used WP Fastest Cache plugin.
This vulnerability, categorized as an unauthenticated SQL injection, could potentially grant unauthorized access to sensitive data in the WordPress database.
The vulnerability, identified as CVE-2023-6063, affects versions of WP Fastest Cache lower than 1.2.2.
Upon making this discovery during an internal review, the team at WPScan acted swiftly to inform the plugin’s development team.
In response, the developers promptly released version 1.2.2 to address and rectify the issue.
Examining the vulnerability
The crux of the vulnerability lies in the is_user_admin function of the WpFastestCacheCreateCache class, which is susceptible to SQL injection.
This function is invoked from the createCache function, presenting a potential entry point for malicious actors.
StorageGuard scans, detects, and fixes security misconfigurations and vulnerabilities across hundreds of storage and backup devices.
Notably, the vulnerability is aggravated by the fact that the function is executed at plugin load time before the application’s data is sanitized by wp_magic_quotes().
To exploit this vulnerability, an unauthenticated attacker could manipulate the $username variable, obtained from a specific cookie, to inject a time-based blind SQL payload.
This could, in turn, lead to the extraction of sensitive information from the WordPress database.
Mitigation
Administrators utilizing WP Fastest Cache must take immediate action by updating their installations to version 1.2.2.
This update serves as a crucial safeguard against potential exploitation of the identified vulnerability.
WPScan plans to publish an entry on Nov. 27, 2023, for further details and proof-of-concept illustrating this security concern.
Website administrators and users alike are advised to stay vigilant and informed about the latest security updates to ensure the integrity and security of their WordPress installations.
Patch Manager Plus, the one-stop solution for automated updates of over 850 third-party applications: Try Free Trial.