Vulnerabilities and security researches forwp-fastest-cache wp-fastest-cache

Direction: descending

Jan 08, 2026

WP Fastest Cache # CVE-2025-10583

CVE, Research URL: CVE-2025-10583
Home page URL: Security reports for WP Fastest Cache
Application: WP Fastest Cache
Date: Dec 12, 2025
Research Description: The WP Fastest Cache plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.7.4 via the 'get_server_time_ajax_request' AJAX action. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
Affected versions: max 1.7.5.
Status: vulnerable

WP Fastest Cache # CVE-2025-10476

CVE, Research URL: CVE-2025-10476
Home page URL: Security reports for WP Fastest Cache
Application: WP Fastest Cache
Date: Nov 27, 2025
Research Description: The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpfc_db_fix_callback() function in all versions up to, and including, 1.4.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to initiate several database fix actions. This only affects sites with premium activated.
Affected versions: max 1.4.1.
Status: vulnerable

Oct 17, 2024

WP Fastest Cache # CVE-2020-36836

CVE, Research URL: CVE-2020-36836
Home page URL: Security reports for WP Fastest Cache
Application: WP Fastest Cache
Date: Oct 16, 2024
Research Description: The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized arbitrary file deletion in versions up to, and including, 0.9.0.2 due to a lack of capability checking and insufficient path validation. This makes it possible for authenticated users with minimal permissions to delete arbitrary files from the server.
Affected versions: max 0.9.0.3.
Status: vulnerable

Jun 06, 2024

WP Fastest Cache # CVE-2021-20714

CVE, Research URL: CVE-2021-20714
Home page URL: Security reports for WP Fastest Cache
Application: WP Fastest Cache
Date: Apr 27, 2021
Research Description: Directory traversal vulnerability in WP Fastest Cache versions prior to 0.9.1.7 allows a remote attacker with administrator privileges to delete arbitrary files on the server via unspecified vectors.
Affected versions: max 0.9.1.7.
Status: vulnerable

WP Fastest Cache # CVE-2018-17586

CVE, Research URL: CVE-2018-17586
Home page URL: Security reports for WP Fastest Cache
Application: WP Fastest Cache
Date: Apr 16, 2019
Research Description: The WP Fastest Cache plugin 0.8.8.5 for WordPress has XSS via the rules[0][content] parameter in a wpfc_save_timeout_pages action.
Affected versions: max 0.8.8.6.
Status: vulnerable

WP Fastest Cache # CVE-2018-17583

CVE, Research URL: CVE-2018-17583
Home page URL: Security reports for WP Fastest Cache
Application: WP Fastest Cache
Date: Apr 16, 2019
Research Description: The WP Fastest Cache plugin 0.8.8.5 for WordPress has XSS via the rules[0][content] parameter in a wpfc_save_exclude_pages action.
Affected versions: max 0.8.8.6.
Status: vulnerable

WP Fastest Cache # CVE-2015-4089

CVE, Research URL: CVE-2015-4089
Home page URL: Security reports for WP Fastest Cache
Application: WP Fastest Cache
Date: Sep 19, 2017
Research Description: Multiple cross-site request forgery (CSRF) vulnerabilities in the optionsPageRequest function in admin.php in WP Fastest Cache plugin before 0.8.3.5 for WordPress allow remote attackers to hijack the authentication of unspecified victims for requests that call the (1) saveOption, (2) deleteCache, (3) deleteCssAndJsCache, or (4) addCacheTimeout method via the wpFastestCachePage parameter in the WpFastestCacheOptions/ page.
Affected versions: max 0.8.4.9.
Status: vulnerable

WP Fastest Cache # CVE-2015-9316

CVE, Research URL: CVE-2015-9316
Home page URL: Security reports for WP Fastest Cache
Application: WP Fastest Cache
Date: Aug 14, 2019
Research Description: The wp-fastest-cache plugin before 0.8.4.9 for WordPress has SQL injection in wp-admin/admin-ajax.php?action=wpfc_wppolls_ajax_request via the poll_id parameter.
Affected versions: max 0.8.4.9.
Status: vulnerable

WP Fastest Cache # CVE-2019-13635

CVE, Research URL: CVE-2019-13635
Home page URL: Security reports for WP Fastest Cache
Application: WP Fastest Cache
Date: Jul 30, 2019
Research Description: The WP Fastest Cache plugin through 0.8.9.5 for WordPress allows wpFastestCache.php and inc/cache.php Directory Traversal.
Affected versions: max 0.8.9.6.
Status: vulnerable

WP Fastest Cache # CVE-2019-6726

CVE, Research URL: CVE-2019-6726
Home page URL: Security reports for WP Fastest Cache
Application: WP Fastest Cache
Date: Jul 29, 2019
Research Description: The WP Fastest Cache plugin through 0.8.9.0 for WordPress allows remote attackers to delete arbitrary files because wp_postratings_clear_fastest_cache and rm_folder_recursively in wpFastestCache.php mishandle ../ in an HTTP Referer header.
Affected versions: max 0.8.9.1.
Status: vulnerable

WP Fastest Cache # CVE-2018-17584

CVE, Research URL: CVE-2018-17584
Home page URL: Security reports for WP Fastest Cache
Application: WP Fastest Cache
Date: Apr 16, 2019
Research Description: The WP Fastest Cache plugin 0.8.8.5 for WordPress has CSRF via the wp-admin/admin.php wpfastestcacheoptions page.
Affected versions: max 0.8.8.6.
Status: vulnerable

WP Fastest Cache # CVE-2018-17585

CVE, Research URL: CVE-2018-17585
Home page URL: Security reports for WP Fastest Cache
Application: WP Fastest Cache
Date: Apr 16, 2019
Research Description: The WP Fastest Cache plugin 0.8.8.5 for WordPress has XSS via the wpfastestcacheoptions wpFastestCachePreload_number or wpFastestCacheLanguage parameter.
Affected versions: max 0.8.8.6.
Status: vulnerable

WP Fastest Cache # CVE-2021-24870

CVE, Research URL: CVE-2021-24870
Home page URL: Security reports for WP Fastest Cache
Application: WP Fastest Cache
Date: Jan 16, 2024
Research Description: The WP Fastest Cache WordPress plugin before 0.9.5 is lacking a CSRF check in its wpfc_save_cdn_integration AJAX action, and does not sanitise and escape some the options available via the action, which could allow attackers to make logged in high privilege users call it and set a Cross-Site Scripting payload
Affected versions: max 0.9.5.
Status: vulnerable

WP Fastest Cache # CVE-2021-24869

CVE, Research URL: CVE-2021-24869
Home page URL: Security reports for WP Fastest Cache
Application: WP Fastest Cache
Date: Jan 16, 2024
Research Description: The WP Fastest Cache WordPress plugin before 0.9.5 does not escape user input in the set_urls_with_terms method before using it in a SQL statement, leading to an SQL injection exploitable by low privilege users such as subscriber
Affected versions: max 0.8.5.8.
Status: vulnerable

WP Fastest Cache # CVE-2023-1927

CVE, Research URL: CVE-2023-1927
Home page URL: Security reports for WP Fastest Cache
Application: WP Fastest Cache
Date: Apr 07, 2023
Research Description: The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the deleteCssAndJsCacheToolbar function. This makes it possible for unauthenticated attackers to perform cache deletion via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions: max 1.1.3.
Status: vulnerable

WP Fastest Cache # CVE-2023-1926

CVE, Research URL: CVE-2023-1926
Home page URL: Security reports for WP Fastest Cache
Application: WP Fastest Cache
Date: Apr 07, 2023
Research Description: The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the deleteCacheToolbar function. This makes it possible for unauthenticated attackers to perform cache deletion via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions: max 1.1.3.
Status: vulnerable

WP Fastest Cache # CVE-2023-1930

CVE, Research URL: CVE-2023-1930
Home page URL: Security reports for WP Fastest Cache
Application: WP Fastest Cache
Date: Apr 07, 2023
Research Description: The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data deletion due to a missing capability check on the wpfc_clear_cache_of_allsites_callback function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber-level access to delete caches.
Affected versions: max 1.1.3.
Status: vulnerable

WP Fastest Cache # CVE-2023-1920

CVE, Research URL: CVE-2023-1920
Home page URL: Security reports for WP Fastest Cache
Application: WP Fastest Cache
Date: Apr 07, 2023
Research Description: The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_purgecache_varnish_callback function. This makes it possible for unauthenticated attackers to purge the varnish cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions: max 1.1.3.
Status: vulnerable

WP Fastest Cache # CVE-2023-1925

CVE, Research URL: CVE-2023-1925
Home page URL: Security reports for WP Fastest Cache
Application: WP Fastest Cache
Date: Apr 07, 2023
Research Description: The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_clear_cache_of_allsites_callback function. This makes it possible for unauthenticated attackers to clear caches via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions: max 1.1.3.
Status: vulnerable

WP Fastest Cache # CVE-2023-1919

CVE, Research URL: CVE-2023-1919
Home page URL: Security reports for WP Fastest Cache
Application: WP Fastest Cache
Date: Apr 07, 2023
Research Description: The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_preload_single_save_settings_callback function. This makes it possible for unauthenticated attackers to change cache-related settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions: max 1.1.3.
Status: vulnerable

WP Fastest Cache # CVE-2023-1375

CVE, Research URL: CVE-2023-1375
Home page URL: Security reports for WP Fastest Cache
Application: WP Fastest Cache
Date: Jun 09, 2023
Research Description: The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized cache deletion in versions up to, and including, 1.1.2 due to a missing capability check in the deleteCacheToolbar function . This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete the site's cache.
Affected versions: max 0.9.0.3.
Status: vulnerable

WP Fastest Cache # CVE-2023-1922

CVE, Research URL: CVE-2023-1922
Home page URL: Security reports for WP Fastest Cache
Application: WP Fastest Cache
Date: Apr 07, 2023
Research Description: The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_pause_cdn_integration_ajax_request_callback function. This makes it possible for unauthenticated attackers to change cdn settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions: max 1.1.3.
Status: vulnerable

WP Fastest Cache # CVE-2023-1923

CVE, Research URL: CVE-2023-1923
Home page URL: Security reports for WP Fastest Cache
Application: WP Fastest Cache
Date: Apr 07, 2023
Research Description: The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_remove_cdn_integration_ajax_request_callback function. This makes it possible for unauthenticated attackers to change cdn settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions: max 1.1.3.
Status: vulnerable

WP Fastest Cache # CVE-2023-1921

CVE, Research URL: CVE-2023-1921
Home page URL: Security reports for WP Fastest Cache
Application: WP Fastest Cache
Date: Apr 07, 2023
Research Description: The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_start_cdn_integration_ajax_request_callback function. This makes it possible for unauthenticated attackers to change cdn settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions: max 1.1.3.
Status: vulnerable

WP Fastest Cache # CVE-2023-1918

CVE, Research URL: CVE-2023-1918
Home page URL: Security reports for WP Fastest Cache
Application: WP Fastest Cache
Date: Apr 07, 2023
Research Description: The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_preload_single_callback function. This makes it possible for unauthenticated attackers to invoke a cache building action via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions: max 1.1.3.
Status: vulnerable

WP Fastest Cache # CVE-2023-1938

CVE, Research URL: CVE-2023-1938
Home page URL: Security reports for WP Fastest Cache
Application: WP Fastest Cache
Date: May 30, 2023
Research Description: The WP Fastest Cache WordPress plugin before 1.1.5 does not have CSRF check in an AJAX action, and does not validate user input before using it in the wp_remote_get() function, leading to a Blind SSRF issue
Affected versions: max 1.1.5.
Status: vulnerable

WP Fastest Cache # CVE-2023-6063

CVE, Research URL: CVE-2023-6063
Home page URL: Security reports for WP Fastest Cache
Application: WP Fastest Cache
Date: Dec 05, 2023
Research Description: The WP Fastest Cache WordPress plugin before 1.2.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users.
Affected versions: max 1.2.2.
Status: vulnerable

WP Fastest Cache # CVE-2024-4347

CVE, Research URL: CVE-2024-4347
Home page URL: Security reports for WP Fastest Cache
Application: WP Fastest Cache
Date: May 23, 2024
Research Description: The WP Fastest Cache plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.2.6 via the specificDeleteCache function. This makes it possible for authenticated attackers to delete arbitrary files on the server, which can include wp-config.php files of the affected site or other sites in a shared hosting environment.
Affected versions: max 1.2.7.
Status: vulnerable

WP Fastest Cache # CVE-2023-1929

CVE, Research URL: CVE-2023-1929
Home page URL: Security reports for WP Fastest Cache
Application: WP Fastest Cache
Date: Apr 07, 2023
Research Description: The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the wpfc_purgecache_varnish_callback function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber-level access to purge the varnish cache.
Affected versions: max 1.1.3.
Status: vulnerable

WP Fastest Cache # CVE-2023-1924

CVE, Research URL: CVE-2023-1924
Home page URL: Security reports for WP Fastest Cache
Application: WP Fastest Cache
Date: Apr 07, 2023
Research Description: The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_toolbar_save_settings_callback function. This makes it possible for unauthenticated attackers to change cache settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions: max 1.1.3.
Status: vulnerable

WP Fastest Cache # CVE-2023-1928

CVE, Research URL: CVE-2023-1928
Home page URL: Security reports for WP Fastest Cache
Application: WP Fastest Cache
Date: Apr 07, 2023
Research Description: The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the wpfc_preload_single_callback function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber-level access to initiate cache creation.
Affected versions: max 1.1.3.
Status: vulnerable

WP Fastest Cache # CVE-2023-1931

CVE, Research URL: CVE-2023-1931
Home page URL: Security reports for WP Fastest Cache
Application: WP Fastest Cache
Date: Apr 07, 2023
Research Description: The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the deleteCssAndJsCacheToolbar function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber-level access to perform cache deletion.
Affected versions: max 1.1.3.
Status: vulnerable