What is CVE-2023-1929?

A recent vulnerability, CVE-2023-1929, has been discovered in the WP Fastest Cache plugin for WordPress, affecting versions up to and including 1.1.2. This medium-severity issue allows unauthorized data modification due to a missing capability check, enabling authenticated attackers with subscriber-level access to purge the varnish cache.

Who is impacted by this?

The vulnerability impacts WordPress websites using the affected versions of the WP Fastest Cache plugin.This issue allows authenticated attackers with subscriber-level access to make unauthorized data modifications by purging the varnish cache. If you're using the affected versions of the plugin, it's important to be aware of this vulnerability and its potential impact on your website.

What should I do if I’m affected?

If you're affected by the CVE-2023-1929 vulnerability, it's important to take action to protect your WordPress website. Follow these simple steps:

1. Update the WP Fastest Cache plugin to version 1.1.3 or a newer patched version.

2. Ensure all other plugins and themes are up-to-date to maintain overall security.

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

The CVE-2023-1929 vulnerability in the WP Fastest Cache plugin for WordPress is not listed in CISA's Known Exploited Vulnerabilities Catalog. This issue, affecting versions up to and including 1.1.2, allows unauthorized data modification by attackers with subscriber-level access. To address this vulnerability, update the plugin to version 1.1.3 or higher.

Weakness Enumeration

The weakness enumeration for this vulnerability is categorized as CWE-862, which involves missing authorization in the WP Fastest Cache plugin for WordPress.

Learn More

For a comprehensive understanding of this vulnerability, including its description, severity, technical details, and known affected software configurations, refer to the NVD page or the sources listed below.

• Wordfence Intelligence

• CVE Record