The SQL injection vulnerability, identified as CVE-2023-6063 and affecting all plugin versions prior to 1.2.2, was made public today by the Automattic WPScan team. The vulnerability has a high severity level of 8.6.

SQL injection vulnerabilities arise when software takes in input that directly modifies SQL queries, allowing arbitrary SQL code to be executed and potentially extract confidential data or even execute commands.

Specifically, the vulnerability affects the function “is_user_admin” of the “WpFastestCacheCreateCache” class in the WP Fastest Cache plugin. This function retrieves the value “$username” from cookies to determine if a user is an administrator.

The ‘$username’ input isn’t sanitized, thus an attacker may change the cookie value and change the SQL query that the plugin runs, giving them access to the database without authorization.

Sensitive data such as user information (IP addresses, emails, IDs), account passwords, plugin and theme configuration settings, and other data required for the operation of the website are commonly found in WordPress databases.

On November 27, 2023, WPScan will release a proof-of-concept (PoC) exploit for CVE-2023-6063. However, it should be emphasized that hackers can easily figure out how to exploit this vulnerability because it isn’t a very hard one.

The developer of WordPress Fastest Cache has published version 1.2.2, which includes a fix. It is advised that all plugin users update to the most recent version as soon as feasible.