
CVE-2023-1929: Changeset 2893158 for wp-fastest-cache/trunk/wpFastestCache.php – WordPress Plugin Repository

The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the wpfc_purgecache_varnish_callback function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber-level access to purge the Varnish cache.
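The advisory's point is that a nonce and a capability check answer different questions: a nonce ties a request to a page that embedded it (CSRF protection), while current_user_can() decides whether this particular user may perform the action at all. The following is an added example written for this page, not WP Fastest Cache code, showing an admin-ajax handler guarded only by a nonce beside the hardened form. It assumes a WordPress runtime; the example_* function names, the 'example-varnish-nonce' action string and the 'example-admin' script handle are invented for illustration.

```php
<?php
/*
 * Added example (not WP Fastest Cache code): an admin-ajax handler guarded
 * by BOTH a nonce (CSRF) and a capability check (authorization).
 * Assumes a WordPress runtime; all example_* names are illustrative.
 */

// Vulnerable shape: the nonce proves the request came from a page that
// embedded the nonce, but every logged-in user who can load such a page
// (a subscriber included) can obtain one. Nothing here asks who the user is.
function example_purge_varnish_nonce_only() {
    if ( ! wp_verify_nonce( $_REQUEST['security'] ?? '', 'example-varnish-nonce' ) ) {
        die( 'Security check' );
    }
    example_do_purge();                // reachable by any authenticated user
}

// Hardened shape: CSRF check first, then an explicit authorization decision.
function example_purge_varnish_hardened() {
    // check_ajax_referer() reads $_REQUEST['security'], verifies it against
    // the action, and ends the request with -1 / HTTP 403 when it fails.
    check_ajax_referer( 'example-varnish-nonce', 'security' );

    // The capability is the authorization check a nonce cannot provide.
    // manage_options is what the plugin's own toolbar-settings handler tests.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'Insufficient permissions', 403 );
    }

    example_do_purge();
    wp_send_json_success( 'Varnish cache purged' );
}

function example_do_purge() {
    // Placeholder for the real purge; kept side-effect free for the example.
    do_action( 'example_varnish_purged' );
}

// Register only the hardened handler, and only for logged-in users:
// no wp_ajax_nopriv_ hook, so anonymous requests never reach it.
add_action( 'wp_ajax_example_purge_varnish', 'example_purge_varnish_hardened' );

// The nonce is issued where the purge button lives. Issuing it only inside
// the same capability check keeps it out of subscribers' pages, but that is
// defence in depth: the handler must still make the decision itself.
add_action( 'admin_enqueue_scripts', function () {
    if ( ! current_user_can( 'manage_options' ) ) {
        return;
    }
    // Assumes a script registered under the 'example-admin' handle.
    wp_localize_script( 'example-admin', 'exampleAjax', array(
        'url'      => admin_url( 'admin-ajax.php' ),
        'security' => wp_create_nonce( 'example-varnish-nonce' ),
    ) );
} );
```

The order matters: the nonce check runs first so that a forged cross-site request is rejected before any user-specific logic, and the capability check runs second so that a legitimate but under-privileged user gets a 403 rather than a purge.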

  • wp-fastest-cache/trunk/wpFastestCache.php (r2886944 → r2893158)

410

410

411

411

        public function wpfc\_preload\_single\_callback(){

 

412

            if(!wp\_verify\_nonce($\_REQUEST\["nonce"\], 'wpfc')){

 

413

                die( 'Security check' );

 

414

            }

 

415

412

416

            include\_once('inc/single-preload.php');

413

417

            SinglePreloadWPFC::create\_cache();
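Review bot: the guard at 412-414 is a CSRF check, not the capability check the advisory calls for; wpfc_preload_single_callback still reaches SinglePreloadWPFC::create_cache() for any request carrying a valid 'wpfc' nonce, and a nonce is available to every logged-in user who is served a page that embeds it. Add an authorization test after the nonce check, e.g. `if(!current_user_can('manage_options')){ die( 'Security check' ); }`, the way wpfc_toolbar_save_settings_callback already does at 957 further down. `$_REQUEST["nonce"]` is also read without isset(), so a request that omits the parameter raises an undefined-index notice before the nonce is rejected; `check_ajax_referer( 'wpfc', 'nonce' )` handles the missing case and the verification in one call.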

…

…

 

425

429

426

430

        public function wpfc\_preload\_single\_save\_settings\_callback(){

 

431

            if(!wp\_verify\_nonce($\_REQUEST\["nonce"\], 'wpfc')){

 

432

                die( 'Security check' );

 

433

            }

 

434

427

435

            include\_once('inc/single-preload.php');

428

436

            SinglePreloadWPFC::save\_settings();
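Review bot: `die( 'Security check' )` at 432 exits with HTTP 200 and a bare string, so an AJAX caller cannot tell a rejected request from a successful one without parsing the body. Prefer `wp_send_json_error( 'Security check', 403 )`, or let `check_ajax_referer( 'wpfc', 'nonce' )` fail the request with its default 403, and apply the same response in the sibling handlers of this changeset. The comment on wpfc_preload_single_callback applies here too: nothing in 430-436 checks what the caller is allowed to do before SinglePreloadWPFC::save_settings() runs.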

…

…

 

503

511

504

512

        public function wpfc\_db\_statics\_callback(){

 

513

            if(!wp\_verify\_nonce($\_REQUEST\["nonce"\], 'wpfc')){

 

514

                die( 'Security check' );

 

515

            }

 

516

           

505

517

            global $wpdb;

506

518
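Review bot: wpfc_db_statics_callback works from $wpdb (517 onward) and the only new gate is the nonce at 513-515; database statistics are administrator information, so `current_user_can('manage_options')` belongs in front of the `global $wpdb;` line as well. Line 516 is added as whitespace only; drop the trailing spaces.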

…

…

 

572

584

573

585

        public function wpfc\_save\_cdn\_integration\_ajax\_request\_callback(){

 

586

            if(!wp\_verify\_nonce($\_REQUEST\["nonce"\], 'cdn-nonce')){

 

587

                die( 'Security check' );

 

588

            }

 

589

574

590

            include\_once('inc/cdn.php');

575

591

            CdnWPFC::save\_cdn\_integration();

…

…

 

577

593

578

594

        public function wpfc\_start\_cdn\_integration\_ajax\_request\_callback(){

 

595

            if(!wp\_verify\_nonce($\_REQUEST\["nonce"\], 'cdn-nonce')){

 

596

                die( 'Security check' );

 

597

            }

 

598

579

599

            include\_once('inc/cdn.php');

580

600

            CdnWPFC::start\_cdn\_integration();

…

…

 

582

602

583

603

        public function wpfc\_pause\_cdn\_integration\_ajax\_request\_callback(){

 

604

            if(!wp\_verify\_nonce($\_REQUEST\["nonce"\], 'cdn-nonce')){

 

605

                die( 'Security check' );

 

606

            }

 

607

584

608

            include\_once('inc/cdn.php');

585

609

            CdnWPFC::pause\_cdn\_integration();

…

…

 

587

611

588

612

        public function wpfc\_remove\_cdn\_integration\_ajax\_request\_callback(){

 

613

            if(!wp\_verify\_nonce($\_REQUEST\["nonce"\], 'cdn-nonce')){

 

614

                die( 'Security check' );

 

615

            }

 

616

           

589

617

            include\_once('inc/cdn.php');

590

618

            CdnWPFC::remove\_cdn\_integration();
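Review bot: the 'cdn-nonce' action verified at 613 is the same string accepted by the save, start and pause handlers above (586, 595, 604), so one token issued for the CDN settings form also authorizes CdnWPFC::remove_cdn_integration(). If all four handlers are wired from one settings page a shared nonce is workable, but it then only proves page origin; pair each handler with a capability check, and consider per-action nonce strings (e.g. 'wpfc-cdn-remove') so a token leaked from a save request cannot drive the destructive one.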

…

…

 

662

690

663

691

        public function wpfc\_purgecache\_varnish\_callback(){

 

692

            if(!wp\_verify\_nonce($\_REQUEST\["security"\], 'wpfc-varnish-ajax-nonce')){

 

693

                die( 'Security check' );

 

694

            }

 

695

664

696

            if($varnish\_datas = get\_option("WpFastestCacheVarnish")){

665

697

                include\_once('inc/varnish.php');
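Review bot: this is the handler named in CVE-2023-1929 and the added lines 692-694 still verify only a nonce; no capability check is visible, so an authenticated subscriber holding a 'wpfc-varnish-ajax-nonce' token reaches the purge at 696-697 exactly as before. The advisory describes the defect as a missing capability check, so the fix needs `current_user_can('manage_options')` (or whatever capability gates the purge control in the UI) in addition to the nonce, and the nonce should be created only for users who pass that same check. This handler also reads the token from `$_REQUEST["security"]` while every other handler in the changeset reads `$_REQUEST["nonce"]`; a consistent parameter name, or `check_ajax_referer( 'wpfc-varnish-ajax-nonce', 'security' )`, makes the client-side wiring easier to audit.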

…

…

 

865

897

866

898

        public function deleteCacheToolbar(){

 

899

            if(!wp\_verify\_nonce($\_REQUEST\["nonce"\], 'wpfc')){

 

900

                die( 'Security check' );

 

901

            }

 

902

867

903

            $this->deleteCache();

868

904

        }

869

905

870

906

        public function deleteCssAndJsCacheToolbar(){

 

907

            if(!wp\_verify\_nonce($\_REQUEST\["nonce"\], 'wpfc')){

 

908

                die( 'Security check' );

 

909

            }

 

910

           

871

911

            $this->deleteCache(true);

872

912

        }
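Review bot: deleteCacheToolbar (899-901) and deleteCssAndJsCacheToolbar (907-909) verify the same 'wpfc' action that the preload, db-statistics and toolbar-settings handlers use, so a single nonce issued for any of them unlocks all of them; if the toolbar links carry the nonce in the URL, a token observed in one request (referrer logs, browser history) is enough to call every 'wpfc' handler until it expires. Use a per-action nonce for the toolbar items, e.g. `wp_create_nonce( 'wpfc-delete-cache' )` with a matching verify, and where these callbacks run on a normal page load rather than through admin-ajax use `wp_die()` instead of `die()` so the failure is rendered like other WordPress errors.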

…

…

 

911

951

912

952

        public function wpfc\_toolbar\_save\_settings\_callback(){

 

953

            if(!wp\_verify\_nonce($\_REQUEST\["nonce"\], 'wpfc')){

 

954

                die( 'Security check' );

 

955

            }

 

956

913

957

            if(current\_user\_can('manage\_options')){

914

958

                if(is\_array($\_GET\["roles"\]) && !empty($\_GET\["roles"\])){
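Review bot: this is the one handler in the changeset where the new nonce check (953-955) sits in front of an existing capability check (`current_user_can('manage_options')` at 957), which is the shape the other handlers should copy. What happens when `current_user_can()` is false is outside the hunk; make sure that branch fails explicitly (e.g. `wp_send_json_error( 'Forbidden', 403 )`) rather than falling through to a 200 response. Minor: the roles are read from `$_GET["roles"]` at 958 while the nonce comes from `$_REQUEST`; reading both from the same superglobal avoids a request that supplies the nonce in the POST body and the roles in the query string.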

…

…

 

939

983

940

984

        public function wpfc\_clear\_cache\_of\_allsites\_callback(){

 

985

 

986

            if(defined('DOING\_AJAX') && DOING\_AJAX){

 

987

                if(!wp\_verify\_nonce($\_REQUEST\["nonce"\], 'wpfc')){

 

988

                    die( 'Security check' );

 

989

                }

 

990

            }

 

991

941

992

            include\_once('inc/cdn.php');

942

993

            CdnWPFC::cloudflare\_clear\_cache();
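Review bot: the nonce check at 987-989 only runs when `DOING_AJAX` is set (986), so any non-AJAX path into wpfc_clear_cache_of_allsites_callback reaches CdnWPFC::cloudflare_clear_cache() at 992-993 with no check at all. If the function is also called internally (a hook or cron callback) the conditional is understandable, but then the AJAX entry point should be a thin wrapper that checks nonce and capability and delegates, so the unguarded body is never registered as a wp_ajax_ action. As elsewhere in the changeset no capability check is visible in the AJAX branch, and clearing every site's cache is an administrator action.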

Related news

CVE-2023-1929: WP Fastest Cache <= 1.1.2 - Missing Authorization in 'wpfc_purgecache_varnish_callback' — Wordfence Intelligence

