The WP Fastest Cache WordPress plugin before 0.9.5 lacks a CSRF check in its wpfc_save_cdn_integration AJAX action and does not sanitise and escape some of the options available via the action, which could allow attackers to make logged-in, high-privilege users call it and set a Cross-Site Scripting payload.
References
Link | Resource |
---|---|
https://jetpack.com/2021/10/14/multiple-vulnerabilities-in-wp-fastest-cache-plugin/ | Exploit Third Party Advisory |
https://wpscan.com/vulnerability/48de63ab-2ef1-4469-8fc4-9346068bdf06/ | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: WPScan
Published: 2024-01-16T15:49:40.356Z
Updated: 2024-01-16T15:49:40.356Z
Reserved: 2021-01-14T15:03:46.807Z
Link: CVE-2021-24870
NVD Information
Status: Analyzed
Published: 2024-01-16T16:15:09.153
Modified: 2024-01-19T15:25:10.717
Link: CVE-2021-24870
Redhat Information
No data.
CWE