oss-sec mailing list archives
CVE Request for WP Fastest Cache plugin
From: 0pc0deFR <0pc0defr () gmail com>
Date: Sun, 24 May 2015 07:20:32 +0200
A CSRF vulnerability was found in the WP Fastest Cache 0.8.3.4 plugin. The vuln is found in admin.php:

    public function optionsPageRequest(){
        if(!empty($_POST)){
            if(isset($_POST["wpFastestCachePage"])){
                if(preg_match("/admin\.php\?page=WpFastestCacheOptions/", $_SERVER["REQUEST_URI"])){
                    if($_POST["wpFastestCachePage"] == "options"){
                        $this->saveOption();
                    }else if($_POST["wpFastestCachePage"] == "deleteCache"){
                        $this->deleteCache();
                    }else if($_POST["wpFastestCachePage"] == "deleteCssAndJsCache"){
                        $this->deleteCssAndJsCache();
                    }else if($_POST["wpFastestCachePage"] == "cacheTimeout"){
                        $this->addCacheTimeout();
                    }
                }else{
                    die("Forbidden");
                }
            }
        }
    }

The vuln is patched in version 0.8.3.5.

--
Regards, Kévin FALCOZ aka 0pc0deFR - WordPress Expert Consultant - http://wordpress-expertise.fr
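
An added example, not part of the original post and not the plugin's actual 0.8.3.5 patch: one way to close the gap in the handler quoted above, which checks only the request URI and a POST field and never verifies that the request came from the plugin's own form. It uses WordPress's nonce and capability APIs; the names WPFC_NONCE_ACTION, WPFC_NONCE_FIELD and the two wpfc_* functions are hypothetical, and $plugin is assumed to be the object exposing the four methods named in the report.

```php
<?php
// Added example (hypothetical names), assumed to run inside WordPress admin,
// e.g. called from an admin_init hook with the plugin's admin object.

const WPFC_NONCE_ACTION = 'wpfc_options_request'; // hypothetical action name
const WPFC_NONCE_FIELD  = 'wpfc_nonce';           // hypothetical field name

// Call inside every <form> that posts wpFastestCachePage so the
// request carries a per-user, per-session token.
function wpfc_render_nonce_field() {
    wp_nonce_field( WPFC_NONCE_ACTION, WPFC_NONCE_FIELD );
}

function wpfc_options_page_request( $plugin ) {
    if ( empty( $_POST ) || ! isset( $_POST['wpFastestCachePage'] ) ) {
        return;
    }

    // Authorization: only users allowed to manage site options.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Forbidden', '', array( 'response' => 403 ) );
    }

    // CSRF check missing from the quoted code: verifies the nonce in
    // $_REQUEST[WPFC_NONCE_FIELD] and terminates the request if it is
    // absent or invalid.
    check_admin_referer( WPFC_NONCE_ACTION, WPFC_NONCE_FIELD );

    // Allow-list of page values mapped to the methods from the report.
    $handlers = array(
        'options'             => 'saveOption',
        'deleteCache'         => 'deleteCache',
        'deleteCssAndJsCache' => 'deleteCssAndJsCache',
        'cacheTimeout'        => 'addCacheTimeout',
    );

    $page = wp_unslash( $_POST['wpFastestCachePage'] );
    if ( ! is_string( $page ) || ! isset( $handlers[ $page ] ) ) {
        return; // unknown or malformed value: do nothing
    }

    $plugin->{ $handlers[ $page ] }();
}
```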