CVE-2015-4089 Information
Feb 14, 2021
cve
Description
Multiple cross-site request forgery (CSRF) vulnerabilities in the optionsPageRequest function in admin.php in WP Fastest Cache plugin before 0.8.3.5 for WordPress allow remote attackers to hijack the authentication of unspecified victims for requests that call the (1) saveOption (2) deleteCache (3) deleteCssAndJsCache or (4) addCacheTimeout method via the wpFastestCachePage parameter in the WpFastestCacheOptions/ page.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Reference
http://www.openwall.com/lists/oss-security/2015/05/26/20 https://wordpress.org/plugins/wp-fastest-cache/developers https://wpvulndb.com/vulnerabilities/9756
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
REQUIRED
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
HIGH
Base Severity
8.8
Share on: