CVE-2015-4089

EUVD-2015-4114
Multiple cross-site request forgery (CSRF) vulnerabilities in the optionsPageRequest function in admin.php in WP Fastest Cache plugin before 0.8.3.5 for WordPress allow remote attackers to hijack the authentication of unspecified victims for requests that call the (1) saveOption, (2) deleteCache, (3) deleteCssAndJsCache, or (4) addCacheTimeout method via the wpFastestCachePage parameter in the WpFastestCacheOptions/ page.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 39%
Affected Products (NVD)
VendorProductVersion
wpfastestcachewp_fastest_cache
𝑥
≤ 0.8.3.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.openwall.com/lists/oss-security/2015/05/26/20
https://wordpress.org/plugins/wp-fastest-cache/#developers
https://wpvulndb.com/vulnerabilities/9756
http://www.openwall.com/lists/oss-security/2015/05/26/20
https://wordpress.org/plugins/wp-fastest-cache/#developers
https://wpvulndb.com/vulnerabilities/9756