CVE-2023-6063 || WP Fastest Cache — SQL injection vulnerability
Let's see how to use Python to detect whether a website that runs the "WP Fastest Cache" plugin is vulnerable to CVE-2023-6063.
Background:
WP Fastest Cache is a caching plugin used to speed up page loads, improve the visitor experience, and boost a site's ranking in Google search. According to WordPress.org stats, it is used by more than a million sites.
Versions of WP Fastest Cache before 1.2.2 contain an SQL injection vulnerability that can be triggered without authentication, allowing an unauthenticated attacker to read the contents of the site's database. The issue was fixed in version 1.2.2.
Affected versions:
WP Fastest Cache: < 1.2.2
Installation:
1. Clone the repo
git clone https://github.com/IRB0T/CVE-Scan.git
2. Navigate to the scanner directory
cd CVE-2023-6063-Scan
3. Install the dependencies with pip. Depending on your local python3 setup, the required command will be either:
pip install -r requirements.txt
OR
pip3 install -r requirements.txt
4. Open a terminal (CMD on Windows) and run the command below, replacing the target with the URL of the site you want to check (e.g. python CVE-2023-6063-Scan.py YOUR_URL). Only scan sites you are authorised to test.
python CVE-2023-6063-Scan.py http://192.168.0.2
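To show what a detection script for this CVE can do without sending any SQL payloads, here is an added example of a passive version check. It is not the CVE-Scan repository's own code. It assumes (hypothetically, for a given target) that the plugin's readme.txt is reachable at the standard WordPress path /wp-content/plugins/wp-fastest-cache/readme.txt and that its "Stable tag:" header matches the installed version; the sample readme text embedded below is constructed for offline testing. Sites that block readme.txt, or that ship an outdated readme, are reported as "unknown" rather than guessed at.

```python
"""Passive version check for WP Fastest Cache (CVE-2023-6063, fixed in 1.2.2).

Added example, not the CVE-Scan repository's own code. Assumptions: the target
exposes the plugin readme at PLUGIN_README (hypothetical for any given site;
many hardened installs block it) and its "Stable tag:" reflects the installed
version. SAMPLE_README is a constructed readme used to exercise the parser.
"""
import re
import sys
import urllib.error
import urllib.request
from typing import Optional, Tuple

PLUGIN_README = "/wp-content/plugins/wp-fastest-cache/readme.txt"
FIXED_VERSION = "1.2.2"  # first release carrying the SQLi fix

# Constructed sample in the layout WordPress.org plugin readmes use.
SAMPLE_README = """=== WP Fastest Cache ===
Contributors: emrevona
Tags: cache, caching, performance
Requires at least: 3.3
Tested up to: 6.4
Stable tag: 1.2.1
License: GPLv2 or later
"""


def version_tuple(version: str) -> Tuple[int, ...]:
    """Turn '1.2.1' (or '1.2.1-beta') into (1, 2, 1) for ordered comparison.

    Plain string comparison would wrongly rank '1.10.0' below '1.9.0'.
    """
    return tuple(int(part) for part in re.findall(r"\d+", version))


def parse_stable_tag(readme: str) -> Optional[str]:
    """Extract the 'Stable tag:' value from a plugin readme.txt, or None."""
    match = re.search(r"^Stable tag:\s*([\w.\-]+)", readme,
                      re.MULTILINE | re.IGNORECASE)
    return match.group(1) if match else None


def is_vulnerable(version: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the installed version is strictly older than the fixed one."""
    return version_tuple(version) < version_tuple(fixed)


def classify_readme(readme: Optional[str]) -> str:
    """Map readme text to 'vulnerable', 'patched' or 'unknown' (no usable tag)."""
    if readme is None:
        return "unknown"
    tag = parse_stable_tag(readme)
    if tag is None:
        return "unknown"
    return "vulnerable" if is_vulnerable(tag) else "patched"


def fetch_readme(base_url: str, timeout: float = 10.0) -> Optional[str]:
    """GET the plugin readme from base_url; None on any HTTP or network error."""
    url = base_url.rstrip("/") + PLUGIN_README
    req = urllib.request.Request(
        url, headers={"User-Agent": "cve-2023-6063-version-check/0.1"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.read().decode("utf-8", errors="replace")
    except (urllib.error.URLError, OSError):
        return None


def check_site(base_url: str) -> str:
    """Fetch the readme for a live site and classify it."""
    return classify_readme(fetch_readme(base_url))


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit(f"usage: {sys.argv[0]} http://target")
    print(f"{sys.argv[1]}: {check_site(sys.argv[1])}")
```

A "patched" result only means the advertised version is 1.2.2 or later; a "vulnerable" result from a version string is a strong hint, not proof, since the readme can lag the installed code. Confirming exploitability requires a targeted test against a site you are authorised to assess.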
References:
1. https://wpscan.com/blog/unauthenticated-sql-injection-vulnerability-addressed-in-wp-fastest-cache-1-2-2/
2. https://www.bleepingcomputer.com/news/security/wp-fastest-cache-plugin-bug-exposes-600k-wordpress-sites-to-attacks/