The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data deletion due to a missing capability check on the wpfc_clear_cache_of_allsites_callback function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber-level access to delete caches.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Wp_fastest_cache | Wpfastestcache | * | 1.1.2 (including) |