Devinlabs Solutions

WP Fastest Cache Plugin Flaw Endangers 600K WordPress Sites

There is a SQL injection vulnerability in the WordPress plugin WP Fastest Cache that could let unauthorized users access the site’s database.

WP Fastest Cache is a caching plugin that enhances user experience, accelerates page loads, and raises the website’s Google search engine rating. More than a million sites use it, according to statistics from WordPress.org.


The SQL injection vulnerability, identified as CVE-2023-6063 and affecting all plugin versions prior to 1.2.2, was made public today by the Automattic WPScan team. It is rated high severity, with a score of 8.6.

SQL injection vulnerabilities arise when software places input directly into the SQL queries it builds, so that the input can alter the query itself. This allows arbitrary SQL code to be executed, potentially extracting confidential data or even executing commands.

Specifically, the vulnerability affects the function “is_user_admin” of the “WpFastestCacheCreateCache” class in the WP Fastest Cache plugin. This function retrieves the value “$username” from cookies to determine if a user is an administrator.

The ‘$username’ input isn’t sanitized, so an attacker can alter the cookie value to modify the SQL query that the plugin runs, gaining access to the database without authorization.
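The pattern described above, as an added example that is not the plugin's code: an admin check that pastes a cookie value into the SQL text, next to the same check with the value bound as a parameter. The toy schema, the cookie name `demo_user` and the sample values are assumptions constructed for the illustration.

```python
import sqlite3

COOKIE_NAME = "demo_user"  # hypothetical cookie name (assumption)


def make_db():
    """Toy in-memory table, constructed for this example (not the WordPress schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (login TEXT PRIMARY KEY, role TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "administrator"), ("bob", "subscriber")],
    )
    return db


def is_user_admin_vulnerable(db, cookies):
    """Unsafe: the client-controlled cookie value becomes part of the SQL text."""
    username = cookies.get(COOKIE_NAME, "")
    sql = ("SELECT COUNT(*) FROM users WHERE role = 'administrator' "
           "AND login = '" + username + "'")
    return db.execute(sql).fetchone()[0] > 0


def is_user_admin_safe(db, cookies):
    """Safe against injection: the value is bound as data, never parsed as SQL.
    Binding does not authenticate the cookie; that is a separate check."""
    username = cookies.get(COOKIE_NAME, "")
    sql = ("SELECT COUNT(*) FROM users WHERE role = 'administrator' "
           "AND login = ?")
    return db.execute(sql, (username,)).fetchone()[0] > 0


def demo():
    """Run both checks on constructed cookie values; returns (vulnerable, safe) per case."""
    db = make_db()
    cases = {
        "admin": {COOKIE_NAME: "alice"},
        "subscriber": {COOKIE_NAME: "bob"},
        # Constructed value containing a quote, so it changes the query's structure.
        "crafted": {COOKIE_NAME: "x' OR '1'='1"},
    }
    return {name: (is_user_admin_vulnerable(db, c), is_user_admin_safe(db, c))
            for name, c in cases.items()}


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The two functions agree on ordinary usernames and differ only on the value containing a quote, which is the case the unsanitized query mishandles.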

Sensitive data such as user information (IP addresses, emails, IDs), account passwords, plugin and theme configuration settings, and other data required for the operation of the website are commonly found in WordPress databases.

On November 27, 2023, WPScan will release a proof-of-concept (PoC) exploit for CVE-2023-6063. However, the vulnerability is not a difficult one, so attackers can easily work out how to exploit it on their own.

The developer of WP Fastest Cache has published version 1.2.2, which includes a fix. All plugin users are advised to update to the most recent version as soon as possible.
