2 Nov 2017

Vulnerability Details: Cross-Site Request Forgery (CSRF) Vulnerability in WP Fastest Cache

One of the strangest experiences we have had with trying to get a vulnerability fixed involved the plugin WP Fastest Cache. After we had dug into the details that Wordfence failed to include when they disclosed a couple of vulnerabilities in that plugin, we noticed they had missed part of the vulnerabilities (which would be a good reason for them to fully disclose vulnerabilities, so that others can catch that sort of problem). We then contacted the developer of the plugin to let them know about that and also to let them know about an additional issue that could be combined with it. We figured that since they had fixed part of the issue, it would be easy to work with them to fix the additional issues we had identified. That turned out not to be the case. The problem had to do with part of the new vulnerability and the remaining issue from the others involving cross-site request forgery (CSRF), which involves causing someone else to take an action they didn’t intend to. That is admittedly a bit confusing, since the person taking the action is allowed to do it; they just don’t intend to.

...


This post provides insights on a vulnerability in the WordPress plugin WP Fastest Cache not discovered by us, where the discoverer hadn't provided the details needed for us to confirm the vulnerability while we were adding it to the data set for our service, so the rest of its contents are limited to subscribers of our service.



Plugin Security Scorecard Grade for WP Fastest Cache

Checked on February 28, 2025
B
