[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fbrnHzoPPdNlChC6gemUtNTQR0-wydsYlUtQKJbKbIEg":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":11,"severity":12,"cvss_score":13,"cvss_vector":14,"vuln_type":15,"published_date":16,"updated_date":17,"references":18,"days_to_patch":20},"CVE-2023-1938","wp-fastest-cache-authenticatedadministrator-blind-server-side-request-forgery-via-checkurl","WP Fastest Cache \u003C= 1.1.4 - Authenticated(Administrator+) Blind Server Side Request Forgery via check_url","The WP Fastest Cache plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 1.1.4 via the 'check_url' function. This can allow Authenticated attackers with Administrator-level permissions to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. Note that the function is also vulnerable to Cross-Site Request Forgery but this is only an issue due to the Server-Side Request Forgery capability.","wp-fastest-cache",null,"\u003C=1.1.4","1.1.5","medium",6.5,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:H\u002FUI:N\u002FS:U\u002FC:N\u002FI:H\u002FA:H","Server-Side Request Forgery (SSRF)","2023-05-02 00:00:00","2024-01-22 19:56:02",[19],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fb937940c-a3e0-49d3-b066-550b78351b54?source=api-prod",266]