The WordPress plugin WP Fastest Cache is vulnerable to an SQL injection vulnerability that could allow unauthenticated attackers to read the contents of the site’s database.
WP Fastest Cache is a caching plugin used to speed up page loads, improve visitor experience, and boost the site’s ranking on Google search. According to WordPress.org stats, it is used by
more than a million sites.
Download
statistics from WordPress.org show that more than 600,000 websites still run a vulnerable version of the plugin and are exposed to potential attacks.
Today, the WPScan team from Automattic
disclosed the details of an SQL injection vulnerability, tracked as CVE-2023-6063 and with a high-severity score of 8.6, impacting all versions of the plugin before 1.2.2.
