.. / CVE-2023-6063

Exploit for WP Fastest Cache 1.2.2 - SQL Injection (CVE-2023-6063)

Description:

The WP Fastest Cache WordPress plugin before 1.2.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users.

Nuclei Template

View the template here CVE-2023-6063.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2023/CVE-2023-6063.yaml
Copy

References:

https://wordpress.org/plugins/wp-fastest-cache/
https://github.com/motikan2010/CVE-2023-6063-PoC
https://wpscan.com/vulnerability/30a74105-8ade-4198-abe2-1c6f2967443e/
https://wpscan.com/blog/unauthenticated-sql-injection-vulnerability-addressed-in-wp-fastest-cache-1-2-2/
https://nvd.nist.gov/vuln/detail/CVE-2023-6063