oss-sec mailing list archives

CVE Request for WP Fastest Cache plugin


From: 0pc0deFR <0pc0defr () gmail com>
Date: Sun, 24 May 2015 07:20:32 +0200

A CSRF vulnerability was found in WP Fastest Cache 0.8.3.4 plugin.

The vuln is found in admin.php:
        public function optionsPageRequest(){
            if(!empty($_POST)){
                if(isset($_POST["wpFastestCachePage"])){
                    // Only the request URI is checked; there is no nonce or
                    // capability check, so a cross-site POST to this URL passes.
                    if(preg_match("/admin\.php\?page=WpFastestCacheOptions/", $_SERVER["REQUEST_URI"])){
                        if($_POST["wpFastestCachePage"] == "options"){
                            $this->saveOption();
                        }else if($_POST["wpFastestCachePage"] == "deleteCache"){
                            $this->deleteCache();
                        }else if($_POST["wpFastestCachePage"] == "deleteCssAndJsCache"){
                            $this->deleteCssAndJsCache();
                        }else if($_POST["wpFastestCachePage"] == "cacheTimeout"){
                            $this->addCacheTimeout();
                        }
                    }else{
                        die("Forbidden");
                    }
                }
            }
        }

The vuln is patched in version 0.8.3.5.

--
Regards,

Kévin FALCOZ aka 0pc0deFR - WordPress Expert Consultant -
http://wordpress-expertise.fr
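For reference, here is what a CSRF-hardened version of the handler quoted above looks like. This is an added illustration, not the plugin's actual 0.8.3.5 patch; it assumes the standard WordPress nonce and capability API is loaded, that the four action methods exist as in the plugin, and the nonce action name and field name are made up here.

```php
<?php
// Added example, not the plugin's own fix. Assumes WordPress core functions
// (wp_nonce_field, check_admin_referer, current_user_can, wp_die, admin_url,
// esc_url, submit_button) are available. Nonce names below are assumptions.

class WpFastestCacheHardened {
    const NONCE_ACTION = 'wpfc_options_page'; // assumed name, not from the plugin
    const NONCE_FIELD  = 'wpfc_nonce';        // assumed name, not from the plugin

    // Form side: the nonce field binds the POST to the logged-in user's session,
    // which a page on another origin cannot obtain or forge.
    public function renderDeleteCacheForm() {
        $target = admin_url('admin.php?page=WpFastestCacheOptions');
        echo '<form method="post" action="' . esc_url($target) . '">';
        wp_nonce_field(self::NONCE_ACTION, self::NONCE_FIELD);
        echo '<input type="hidden" name="wpFastestCachePage" value="deleteCache">';
        submit_button('Delete Cache');
        echo '</form>';
    }

    // Handler side: the original only matched REQUEST_URI, which any cross-site
    // form posting to that URL satisfies. Two checks are added before dispatch.
    public function optionsPageRequest() {
        if (empty($_POST) || !isset($_POST['wpFastestCachePage'])) {
            return;
        }
        // 1. Capability: only users allowed to manage options may act.
        if (!current_user_can('manage_options')) {
            wp_die('Forbidden', '', array('response' => 403));
        }
        // 2. Nonce: check_admin_referer() dies unless the token is valid for
        //    this action and this user, so a forged cross-site POST stops here.
        check_admin_referer(self::NONCE_ACTION, self::NONCE_FIELD);

        // 3. Explicit allow-list of actions instead of an if/else chain.
        $actions = array(
            'options'             => 'saveOption',
            'deleteCache'         => 'deleteCache',
            'deleteCssAndJsCache' => 'deleteCssAndJsCache',
            'cacheTimeout'        => 'addCacheTimeout',
        );
        $page = (string) $_POST['wpFastestCachePage'];
        if (!isset($actions[$page])) {
            wp_die('Forbidden', '', array('response' => 400));
        }
        $this->{$actions[$page]}();
    }
}
```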