Low Published: Dec 12, 2025

CVE-2025-10583

3.5 CVSS Score Low

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N

Export:

Link copied!

Description

The WP Fastest Cache plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.7.4 via the 'get_server_time_ajax_request' AJAX action. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.

CVSS Vector Details

Attack Vector Network

Attack Complexity High

Privileges Required Low

User Interaction None

Scope Changed

Confidentiality None

Integrity Low

Availability None

Weaknesses (CWE)

CWE-862

References & External Links

https://research.cleantalk.org/2025-10583
https://www.wordfence.com/threat-intel/vulnerabilities/id/b9e64c54-a78f-454a-a9ee-02f64b6ae83d?source=cve
https://www.wpfastestcache.com/changelog/

External Resources

NVD Official Record Exploit-DB Search Exploits CVE Details Statistics GitHub PoC / Tools X / Twitter Discussions Google Search More

← Back to CVE Tracker