Vulnerability Key Information

Vulnerability Name: Unauthenticated SQL Injection Vulnerability Addressed in WP Fastest Cache 1.2.2
Affected Plugin: WP Fastest Cache
Plugin URL: https://wordpress.org/plugins/wp-fastest-cache/
Author: https://www.wpfastestcache.com
Affected Versions: Versions lower than 1.2.2
CVE ID: 2023-6063
WPScan ID: 30a74105-8ade-4198-abe2-1c6f2967443e
CVSS v3.1 Score: 8.6

Vulnerability Details

Function: of the class is vulnerable to SQL Injection.
Calling Function:
Code Snippet

Vulnerability Description

The function retrieves the variable from any cookie whose name contains the text , extracting everything up to the first character. This variable is then inserted into the SQL query without any escaping or sanitization. Due to how the function is called and its position within the code, an attacker can exploit it using a time-based blind SQL injection payload.

Additional Important Information

The vulnerability was discovered by Alex Sanford. Collaboration and remediation efforts by the WPScan team led to the identification and resolution of the issue. The Proof-of-Concept (PoC) for this vulnerability is expected to be released on November 27, 2023.
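
The flaw described under Vulnerability Description, modelled as an added Python/sqlite3 example that is not the plugin's code or part of the original advisory: a value taken from a client-supplied cookie is concatenated into a query, next to a version that validates and binds it. The cookie marker, delimiter, table and function names are constructed placeholders, since the advisory text does not preserve the real ones.

```python
import re
import sqlite3

# Placeholders: the advisory text does not preserve the real cookie marker
# or delimiter character, so these two values are constructed.
COOKIE_MARKER = "example_marker"
DELIMITER = "#"

def make_db():
    """Constructed in-memory table standing in for the site's user table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (login TEXT, role TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 'admin')")
    return db

def value_from_cookies(cookies):
    """Return the text before DELIMITER from the first cookie whose *name*
    contains COOKIE_MARKER. Name and value are both client-supplied."""
    for name, value in cookies.items():
        if COOKIE_MARKER in name:
            return value.split(DELIMITER, 1)[0]
    return None

def role_unsafe(db, cookies):
    """Flawed pattern: the cookie value is concatenated into the statement."""
    login = value_from_cookies(cookies)
    if login is None:
        return None
    sql = "SELECT role FROM users WHERE login = '" + login + "'"
    row = db.execute(sql).fetchone()
    return row[0] if row else None

def role_safe(db, cookies):
    """Hardened pattern: allow-list the value, then bind it as a parameter."""
    login = value_from_cookies(cookies)
    if login is None or not re.fullmatch(r"[A-Za-z0-9_.@-]{1,60}", login):
        return None
    row = db.execute("SELECT role FROM users WHERE login = ?", (login,)).fetchone()
    return row[0] if row else None

def statement_changed_by(db, cookies):
    """True when the cookie value alters the SQL text enough to break parsing."""
    try:
        role_unsafe(db, cookies)
        return False
    except sqlite3.OperationalError:
        return True
```

In WordPress code the equivalent of the bound parameter is a `$wpdb->prepare()` placeholder.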