The SpeedyCache plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the speedycache_save_varniship, speedycache_img_update_settings, speedycache_preloading_add_settings, and speedycache_preloading_delete_resource functions in all versions up to, and including, 1.1.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to update plugin options.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2024-01-11T08:33:02.864Z
Updated: 2024-08-02T08:35:14.578Z
Reserved: 2023-12-07T21:32:43.325Z
Link: CVE-2023-6598
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2024-01-11T09:15:49.933
Modified: 2024-01-17T21:24:33.233
Link: CVE-2023-6598
Redhat
No data.