Which WP Fastest Cache – WordPress Cache Plugin CVEs are tracked?

WP Fastest Cache – WordPress Cache Plugin tracked CVEs include CVE-2023-6063, CVE-2015-9316, CVE-2019-13635, CVE-2021-24869, and CVE-2021-24870.

Where should operators start on this Plugin hub?

Start with the priority CVE quick links, then open the full report for affected versions, remediation notes, CVSS vectors, and source references.

Plugin Vulnerability Hub

Plugin 35 known issues Latest disclosed Nov 26, 2025

WP Fastest Cache – WordPress Cache Plugin Vulnerabilities

Q: How many WP Fastest Cache – WordPress Cache Plugin vulnerabilities have patch guidance?

35 of 35 tracked WP Fastest Cache – WordPress Cache Plugin records include a published patch path.

Review known vulnerability records for the WordPress plugin WP Fastest Cache – WordPress Cache Plugin (`wp-fastest-cache`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2025-10476, CVE-2024-4347 and CVE-2023-6063, so operators can jump from disclosure to patch validation without scanning the full feed first.

View on WordPress.org Back to Feed

Known Records

High or Critical

Patch Coverage

100%

Last Updated

Nov 27, 2025

Priority CVE Quick Links

Fast paths into WP Fastest Cache – WordPress Cache Plugin CVE reports

Start with the highest-signal CVE records for this WordPress plugin before scanning the full vulnerability feed.

Indexed CVEs

CVE-2023-6063 Critical 1.2.2

CVE-2023-6063 WP Fastest Cache – WordPress Cache Plugin SQL Injection

WP Fastest Cache <= 1.2.1 - Unauthenticated SQL Injection

CVE-2015-9316 Critical 0.8.4.9

CVE-2015-9316 WP Fastest Cache – WordPress Cache Plugin SQL Injection

WP Fastest Cache < 0.8.4.9 - SQL Injection

CVE-2019-13635 Critical 0.8.9.6

CVE-2019-13635 WP Fastest Cache – WordPress Cache Plugin Vulnerability

WP Fastest Cache <= 0.8.9.5 - Directory Traversal

CVE-2021-24869 High 0.9.5

CVE-2021-24869 WP Fastest Cache – WordPress Cache Plugin SQL Injection

WP Fastest Cache < 0.9.5 - Authenticated (Subscriber+) SQL Injection

CVE-2021-24870 High 0.9.5

CVE-2021-24870 WP Fastest Cache – WordPress Cache Plugin Stored Cross-Site Scripting

WP Fastest Cache < 0.9.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting

CVE-2018-17584 High 0.8.8.6

CVE-2018-17584 WP Fastest Cache – WordPress Cache Plugin Cross-Site Request Forgery

WP Fastest Cache <= 0.8.8.5 - Cross-Site Request Forgery via page to wpfastestcacheoptions

CVE-2015-4089 High 0.8.3.5

CVE-2015-4089 WP Fastest Cache – WordPress Cache Plugin Cross-Site Request Forgery

WP Fastest Cache < 0.8.3.5 - Multiple Cross-Site Request Forgery

CVE-2020-36836 High 0.9.0.3

CVE-2020-36836 WP Fastest Cache – WordPress Cache Plugin Cross-Site Request Forgery

WP Fastest Cache <= 0.9.0.2 - Authenticated (Subscriber+) Arbitrary File Deletion

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for WP Fastest Cache – WordPress Cache Plugin so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility

35 records include a published patch path, leaving 0 with no listed safe release yet.

Severity Mix

3 critical and 9 high severity findings.

Recent CVEs

CVE-2025-10476, CVE-2024-4347 and CVE-2023-6063

Reference Workflow

Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.

Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

CVE-2025-10476 Medium Patch path listed

CVE-2025-10476: WP Fastest Cache <= 1.4.0 - Missing Authorization to Authenticated (Subscriber+) DB Cleanup Actions

The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpfc_db_fix_callback() function in all versions up to, a...

Published

Nov 26, 2025

Patch Status

1.4.1

Open CVE-2025-10476 Report

CVE-2024-4347 High Patch path listed

CVE-2024-4347: WP Fastest Cache <= 1.2.6 - Authenticated (Administrator+) Arbitrary File Deletion

The WP Fastest Cache plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.2.6 via the specificDeleteCache function. This makes it possible for au...

Published

May 10, 2024

Patch Status

1.2.7

Open CVE-2024-4347 Report

CVE-2023-6063 Critical Patch path listed

CVE-2023-6063: WP Fastest Cache <= 1.2.1 - Unauthenticated SQL Injection

The WP Fastest Cache plugin for WordPress is vulnerable to SQL Injection via the '$username' variable retrieved via user cookies in all versions up to, and including, 1.2.1 due to insufficie...

Published

Nov 13, 2023

Patch Status

1.2.2

Open CVE-2023-6063 Report

Known Vulnerabilities

Reports for WP Fastest Cache – WordPress Cache Plugin

Sorted by latest disclosure date so newly published issues surface first.

Plugin Medium Patched: Yes CVE-2025-10476

CVE-2025-10476: WP Fastest Cache <= 1.4.0 - Missing Authorization to Authenticated (Subscriber+) DB Cleanup Actions

The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpfc_db_fix_callback() function in all versions up to, and including, 1.4.0. This makes it possible for authenticated attackers, with Subscriber-l...

Published

Nov 26, 2025

Patched Release

1.4.1

Affected Versions

Versions up to 1.4.0

Next Step

Update to 1.4.1 or newer if supported.

Open CVE-2025-10476 Report Open CVE Reference

Plugin High Patched: Yes CVE-2024-4347

CVE-2024-4347: WP Fastest Cache <= 1.2.6 - Authenticated (Administrator+) Arbitrary File Deletion

The WP Fastest Cache plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.2.6 via the specificDeleteCache function. This makes it possible for authenticated attackers to delete arbitrary files on the server, which can include wp-config...

Published

May 10, 2024

Patched Release

1.2.7

Affected Versions

Versions up to 1.2.6

Next Step

Update to 1.2.7 or newer if supported.

Open CVE-2024-4347 Report Open CVE Reference

Plugin Critical Patched: Yes CVE-2023-6063

CVE-2023-6063: WP Fastest Cache <= 1.2.1 - Unauthenticated SQL Injection

The WP Fastest Cache plugin for WordPress is vulnerable to SQL Injection via the '$username' variable retrieved via user cookies in all versions up to, and including, 1.2.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the exist...

Published

Nov 13, 2023

Patched Release

1.2.2

Affected Versions

Versions up to 1.2.1

Next Step

Update to 1.2.2 or newer if supported.

Open CVE-2023-6063 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2023-1938

CVE-2023-1938: WP Fastest Cache <= 1.1.4 - Authenticated(Administrator+) Blind Server Side Request Forgery via check_url

The WP Fastest Cache plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 1.1.4 via the 'check_url' function. This can allow Authenticated attackers with Administrator-level permissions to make web requests to arbitrary locations ori...

Published

May 02, 2023

Patched Release

1.1.5

Affected Versions

Versions up to 1.1.4

Next Step

Update to 1.1.5 or newer if supported.

Open CVE-2023-1938 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2023-1928

CVE-2023-1928: WP Fastest Cache <= 1.1.2 - Missing Authorization in 'wpfc_preload_single_callback'

The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the wpfc_preload_single_callback function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber-lev...

Published

Apr 06, 2023

Patched Release

1.1.3

Affected Versions

Versions up to 1.1.2

Next Step

Update to 1.1.3 or newer if supported.

Open CVE-2023-1928 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2023-1924

CVE-2023-1924: WP Fastest Cache <= 1.1.2 - Cross-Site Request Forgery via 'wpfc_toolbar_save_settings_callback'

The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_toolbar_save_settings_callback function. This makes it possible for unauthenticated atta...

Published

Apr 06, 2023

Patched Release

1.1.3

Affected Versions

Versions up to 1.1.2

Next Step

Update to 1.1.3 or newer if supported.

Open CVE-2023-1924 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2023-1927

CVE-2023-1927: WP Fastest Cache <= 1.1.2 - Cross-Site Request Forgery via 'deleteCssAndJsCacheToolbar'

The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the deleteCssAndJsCacheToolbar function. This makes it possible for unauthenticated attackers to...

Published

Apr 06, 2023

Patched Release

1.1.3

Affected Versions

Versions up to 1.1.2

Next Step

Update to 1.1.3 or newer if supported.

Open CVE-2023-1927 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2023-1931

CVE-2023-1931: WP Fastest Cache <= 1.1.2 - Missing Authorization in 'deleteCssAndJsCacheToolbar'

The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the deleteCssAndJsCacheToolbar function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber-level access...

Published

Apr 06, 2023

Patched Release

1.1.3

Affected Versions

Versions up to 1.1.2

Next Step

Update to 1.1.3 or newer if supported.

Open CVE-2023-1931 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2023-1922

CVE-2023-1922: WP Fastest Cache <= 1.1.2 - Cross-Site Request Forgery via 'wpfc_pause_cdn_integration_ajax_request_callback'

The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_pause_cdn_integration_ajax_request_callback function. This makes it possible for unauthe...

Published

Apr 06, 2023

Patched Release

1.1.3

Affected Versions

Versions up to 1.1.2

Next Step

Update to 1.1.3 or newer if supported.

Open CVE-2023-1922 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2023-1920

CVE-2023-1920: WP Fastest Cache <= 1.1.2 - Cross-Site Request Forgery via 'wpfc_purgecache_varnish_callback'

The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_purgecache_varnish_callback function. This makes it possible for unauthenticated attacke...

Published

Apr 06, 2023

Patched Release

1.1.3

Affected Versions

Versions up to 1.1.2

Next Step

Update to 1.1.3 or newer if supported.

Open CVE-2023-1920 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2023-1926

CVE-2023-1926: WP Fastest Cache <= 1.1.2 - Cross-Site Request Forgery via 'deleteCacheToolbar'

The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the deleteCacheToolbar function. This makes it possible for unauthenticated attackers to perform...

Published

Apr 06, 2023

Patched Release

1.1.3

Affected Versions

Versions up to 1.1.2

Next Step

Update to 1.1.3 or newer if supported.

Open CVE-2023-1926 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2023-1929

CVE-2023-1929: WP Fastest Cache <= 1.1.2 - Missing Authorization in 'wpfc_purgecache_varnish_callback'

The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the wpfc_purgecache_varnish_callback function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber...

Published

Apr 06, 2023

Patched Release

1.1.3

Affected Versions

Versions up to 1.1.2

Next Step

Update to 1.1.3 or newer if supported.

Open CVE-2023-1929 Report Open CVE Reference