exploitDog

CVE-2024-12314

Опубликовано: 18 фев. 2025

Источник: nvd

CVSS3: 7.2

EPSS Низкий

Описание

The Rapid Cache plugin for WordPress is vulnerable to Cache Poisoning in all versions up to, and including, 1.2.3. This is due to plugin storing HTTP headers in the cached data. This makes it possible for unauthenticated attackers to poison the cache with custom HTTP headers that may be unsanitized which can lead to Cross-Site Scripting.

Ссылки

https://wordpress.org/plugins/rapid-cache/
Product
https://www.wordfence.com/threat-intel/vulnerabilities/id/72b777ac-1870-4588-82fe-da96a784ec81?source=cve
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:megaoptim:rapid_cache:*:*:*:*:*:wordpress:*:*

Версия до 1.2.3 (включая)

EPSS

Процентиль: 59%

0.00382

Низкий

7.2 High

CVSS3

Дефекты

CWE-524

NVD-CWE-Other

Связанные уязвимости

GHSA-pp8h-hgq9-wfrj

CVSS3: 7.2

github

12 месяцев назад

The Rapid Cache plugin for WordPress is vulnerable to Cache Poisoning in all versions up to, and including, 1.2.3. This is due to plugin storing HTTP headers in the cached data. This makes it possible for unauthenticated attackers to poison the cache with custom HTTP headers that may be unsanitized which can lead to Cross-Site Scripting.

EPSS

Процентиль: 59%

0.00382

Низкий

7.2 High

CVSS3

Дефекты

CWE-524

NVD-CWE-Other