Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    10 vulnerabilities found for Fastly by Fastly

    CVE-2025-58199 (GCVE-0-2025-58199)

    Vulnerability from nvd – Published: 2025-09-22 18:23 – Updated: 2026-05-12 01:00
    VLAI
    Title
    WordPress Fastly plugin <= 1.2.28 - Cross Site Request Forgery (CSRF) vulnerability
    Summary
    Cross-Site Request Forgery (CSRF) vulnerability in Fastly Fastly fastly allows Cross Site Request Forgery.This issue affects Fastly: from n/a through <= 1.2.28.
    Severity
    4.3 (Medium)
    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-352 - Cross-Site Request Forgery (CSRF)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fastly Fastly Affected: 0 , ≤ 1.2.28 (custom)
    		Create a notification for this product.
    Date Public
    2026-04-01 16:42
    Credits
    Nabil Irawan | Patchstack Bug Bounty Program
    Show details on NVD website
    To clipboard 

    {
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-58199",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-23T15:55:17.079695Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-12T01:00:24.712Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://wordpress.org/plugins",
          "defaultStatus": "unaffected",
          "packageName": "fastly",
          "product": "Fastly",
          "vendor": "Fastly",
          "versions": [
            {
              "changes": [
                {
                  "at": "1.2.29",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "1.2.28",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Nabil Irawan | Patchstack Bug Bounty Program"
        }
      ],
      "datePublic": "2026-04-01T16:42:22.586Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Cross-Site Request Forgery (CSRF) vulnerability in Fastly Fastly fastly allows Cross Site Request Forgery.\u003cp\u003eThis issue affects Fastly: from n/a through \u003c= 1.2.28.\u003c/p\u003e"
            }
          ],
          "value": "Cross-Site Request Forgery (CSRF) vulnerability in Fastly Fastly fastly allows Cross Site Request Forgery.This issue affects Fastly: from n/a through \u003c= 1.2.28."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-62",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross Site Request Forgery"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-352",
              "description": "Cross-Site Request Forgery (CSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-28T16:13:41.783Z",
        "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "shortName": "Patchstack"
      },
      "references": [
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://patchstack.com/database/Wordpress/Plugin/fastly/vulnerability/wordpress-fastly-plugin-1-2-28-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
        }
      ],
      "title": "WordPress Fastly plugin \u003c= 1.2.28 - Cross Site Request Forgery (CSRF) vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
    "assignerShortName": "Patchstack",
    "cveId": "CVE-2025-58199",
    "datePublished": "2025-09-22T18:23:51.395Z",
    "dateReserved": "2025-08-27T16:18:58.324Z",
    "dateUpdated": "2026-05-12T01:00:24.712Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

    CVE-2024-34768 (GCVE-0-2024-34768)

    Vulnerability from nvd – Published: 2024-06-11 16:42 – Updated: 2026-04-28 16:09
    VLAI
    Title
    WordPress Fastly plugin <= 1.2.25 - Broken Access Control vulnerability
    Summary
    Missing Authorization vulnerability in Fastly.This issue affects Fastly: from n/a through 1.2.25.
    Severity
    5.3 (Medium)
    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fastly Fastly Affected: n/a , ≤ 1.2.25 (custom)
    		Create a notification for this product.
    Credits
    Joshua Chan (Patchstack Alliance)
    Show details on NVD website
    To clipboard 

    {
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-34768",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-14T16:42:39.650690Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-14T16:43:03.047Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T02:59:22.617Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://patchstack.com/database/vulnerability/fastly/wordpress-fastly-plugin-1-2-25-broken-access-control-vulnerability?_s_id=cve"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://wordpress.org/plugins",
          "defaultStatus": "unaffected",
          "packageName": "fastly",
          "product": "Fastly",
          "vendor": "Fastly",
          "versions": [
            {
              "changes": [
                {
                  "at": "1.2.26",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "1.2.25",
              "status": "affected",
              "version": "n/a",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Joshua Chan (Patchstack Alliance)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Missing Authorization vulnerability in Fastly.\u003cp\u003eThis issue affects Fastly: from n/a through 1.2.25.\u003c/p\u003e"
            }
          ],
          "value": "Missing Authorization vulnerability in Fastly.This issue affects Fastly: from n/a through 1.2.25."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-862",
              "description": "CWE-862 Missing Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-28T16:09:50.127Z",
        "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "shortName": "Patchstack"
      },
      "references": [
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://patchstack.com/database/vulnerability/fastly/wordpress-fastly-plugin-1-2-25-broken-access-control-vulnerability?_s_id=cve"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Update to 1.2.26 or a higher version."
            }
          ],
          "value": "Update to 1.2.26 or a higher version."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "WordPress Fastly plugin \u003c= 1.2.25 - Broken Access Control vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
    "assignerShortName": "Patchstack",
    "cveId": "CVE-2024-34768",
    "datePublished": "2024-06-11T16:42:16.302Z",
    "dateReserved": "2024-05-08T12:03:07.439Z",
    "dateUpdated": "2026-04-28T16:09:50.127Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

    CVE-2024-34803 (GCVE-0-2024-34803)

    Vulnerability from nvd – Published: 2024-06-03 10:18 – Updated: 2026-04-28 16:09
    VLAI
    Title
    WordPress Fastly plugin <= 1.2.25 - Broken Access Control vulnerability
    Summary
    Missing Authorization vulnerability in Fastly.This issue affects Fastly: from n/a through 1.2.25.
    Severity
    4.3 (Medium)
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fastly Fastly Affected: n/a , ≤ 1.2.25 (custom)
    		Create a notification for this product.
    Credits
    Majed Refaea (Patchstack Alliance)
    Show details on NVD website
    To clipboard 

    {
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-34803",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-03T15:11:18.743240Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:40:59.455Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T02:59:22.611Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://patchstack.com/database/vulnerability/fastly/wordpress-fastly-plugin-1-2-25-broken-access-control-vulnerability-2?_s_id=cve"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://wordpress.org/plugins",
          "defaultStatus": "unaffected",
          "packageName": "fastly",
          "product": "Fastly",
          "vendor": "Fastly",
          "versions": [
            {
              "changes": [
                {
                  "at": "1.2.26",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "1.2.25",
              "status": "affected",
              "version": "n/a",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Majed Refaea (Patchstack Alliance)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Missing Authorization vulnerability in Fastly.\u003cp\u003eThis issue affects Fastly: from n/a through 1.2.25.\u003c/p\u003e"
            }
          ],
          "value": "Missing Authorization vulnerability in Fastly.This issue affects Fastly: from n/a through 1.2.25."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-862",
              "description": "CWE-862 Missing Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-28T16:09:50.864Z",
        "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "shortName": "Patchstack"
      },
      "references": [
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://patchstack.com/database/vulnerability/fastly/wordpress-fastly-plugin-1-2-25-broken-access-control-vulnerability-2?_s_id=cve"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Update to 1.2.26 or a higher version."
            }
          ],
          "value": "Update to 1.2.26 or a higher version."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "WordPress Fastly plugin \u003c= 1.2.25 - Broken Access Control vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
    "assignerShortName": "Patchstack",
    "cveId": "CVE-2024-34803",
    "datePublished": "2024-06-03T10:18:56.905Z",
    "dateReserved": "2024-05-09T12:14:23.897Z",
    "dateUpdated": "2026-04-28T16:09:50.864Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

    CVE-2015-10094 (GCVE-0-2015-10094)

    Vulnerability from nvd – Published: 2023-03-06 14:31 – Updated: 2024-08-06 08:58
    VLAI
    Title
    Fastly Plugin api.php post cross site scripting
    Summary
    A vulnerability was found in Fastly Plugin up to 0.97 on WordPress. It has been rated as problematic. Affected by this issue is the function post of the file lib/api.php. The manipulation of the argument url leads to cross site scripting. The attack may be launched remotely. Upgrading to version 0.98 is able to address this issue. The patch is identified as d7fe42538f4d4af500e3af9678b6b06fba731656. It is recommended to upgrade the affected component. VDB-222326 is the identifier assigned to this vulnerability.
    Severity
    2.4 (Low)
    CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N
    2.4 (Low)
    CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N
    CWE
    • CWE-79 - Cross Site Scripting
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Fastly Plugin Affected: 0.1
    Affected: 0.2
    Affected: 0.3
    Affected: 0.4
    Affected: 0.5
    Affected: 0.6
    Affected: 0.7
    Affected: 0.8
    Affected: 0.9
    Affected: 0.10
    Affected: 0.11
    Affected: 0.12
    Affected: 0.13
    Affected: 0.14
    Affected: 0.15
    Affected: 0.16
    Affected: 0.17
    Affected: 0.18
    Affected: 0.19
    Affected: 0.20
    Affected: 0.21
    Affected: 0.22
    Affected: 0.23
    Affected: 0.24
    Affected: 0.25
    Affected: 0.26
    Affected: 0.27
    Affected: 0.28
    Affected: 0.29
    Affected: 0.30
    Affected: 0.31
    Affected: 0.32
    Affected: 0.33
    Affected: 0.34
    Affected: 0.35
    Affected: 0.36
    Affected: 0.37
    Affected: 0.38
    Affected: 0.39
    Affected: 0.40
    Affected: 0.41
    Affected: 0.42
    Affected: 0.43
    Affected: 0.44
    Affected: 0.45
    Affected: 0.46
    Affected: 0.47
    Affected: 0.48
    Affected: 0.49
    Affected: 0.50
    Affected: 0.51
    Affected: 0.52
    Affected: 0.53
    Affected: 0.54
    Affected: 0.55
    Affected: 0.56
    Affected: 0.57
    Affected: 0.58
    Affected: 0.59
    Affected: 0.60
    Affected: 0.61
    Affected: 0.62
    Affected: 0.63
    Affected: 0.64
    Affected: 0.65
    Affected: 0.66
    Affected: 0.67
    Affected: 0.68
    Affected: 0.69
    Affected: 0.70
    Affected: 0.71
    Affected: 0.72
    Affected: 0.73
    Affected: 0.74
    Affected: 0.75
    Affected: 0.76
    Affected: 0.77
    Affected: 0.78
    Affected: 0.79
    Affected: 0.80
    Affected: 0.81
    Affected: 0.82
    Affected: 0.83
    Affected: 0.84
    Affected: 0.85
    Affected: 0.86
    Affected: 0.87
    Affected: 0.88
    Affected: 0.89
    Affected: 0.90
    Affected: 0.91
    Affected: 0.92
    Affected: 0.93
    Affected: 0.94
    Affected: 0.95
    Affected: 0.96
    Affected: 0.97
    Credits
    VulDB GitHub Commit Analyzer
    Show details on NVD website
    To clipboard 

    {
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T08:58:26.373Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "technical-description",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?id.222326"
          },
          {
            "tags": [
              "signature",
              "permissions-required",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?ctiid.222326"
          },
          {
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/wp-plugins/fastly/commit/d7fe42538f4d4af500e3af9678b6b06fba731656"
          },
          {
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/wp-plugins/fastly/releases/tag/0.98"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Fastly Plugin",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "0.1"
            },
            {
              "status": "affected",
              "version": "0.2"
            },
            {
              "status": "affected",
              "version": "0.3"
            },
            {
              "status": "affected",
              "version": "0.4"
            },
            {
              "status": "affected",
              "version": "0.5"
            },
            {
              "status": "affected",
              "version": "0.6"
            },
            {
              "status": "affected",
              "version": "0.7"
            },
            {
              "status": "affected",
              "version": "0.8"
            },
            {
              "status": "affected",
              "version": "0.9"
            },
            {
              "status": "affected",
              "version": "0.10"
            },
            {
              "status": "affected",
              "version": "0.11"
            },
            {
              "status": "affected",
              "version": "0.12"
            },
            {
              "status": "affected",
              "version": "0.13"
            },
            {
              "status": "affected",
              "version": "0.14"
            },
            {
              "status": "affected",
              "version": "0.15"
            },
            {
              "status": "affected",
              "version": "0.16"
            },
            {
              "status": "affected",
              "version": "0.17"
            },
            {
              "status": "affected",
              "version": "0.18"
            },
            {
              "status": "affected",
              "version": "0.19"
            },
            {
              "status": "affected",
              "version": "0.20"
            },
            {
              "status": "affected",
              "version": "0.21"
            },
            {
              "status": "affected",
              "version": "0.22"
            },
            {
              "status": "affected",
              "version": "0.23"
            },
            {
              "status": "affected",
              "version": "0.24"
            },
            {
              "status": "affected",
              "version": "0.25"
            },
            {
              "status": "affected",
              "version": "0.26"
            },
            {
              "status": "affected",
              "version": "0.27"
            },
            {
              "status": "affected",
              "version": "0.28"
            },
            {
              "status": "affected",
              "version": "0.29"
            },
            {
              "status": "affected",
              "version": "0.30"
            },
            {
              "status": "affected",
              "version": "0.31"
            },
            {
              "status": "affected",
              "version": "0.32"
            },
            {
              "status": "affected",
              "version": "0.33"
            },
            {
              "status": "affected",
              "version": "0.34"
            },
            {
              "status": "affected",
              "version": "0.35"
            },
            {
              "status": "affected",
              "version": "0.36"
            },
            {
              "status": "affected",
              "version": "0.37"
            },
            {
              "status": "affected",
              "version": "0.38"
            },
            {
              "status": "affected",
              "version": "0.39"
            },
            {
              "status": "affected",
              "version": "0.40"
            },
            {
              "status": "affected",
              "version": "0.41"
            },
            {
              "status": "affected",
              "version": "0.42"
            },
            {
              "status": "affected",
              "version": "0.43"
            },
            {
              "status": "affected",
              "version": "0.44"
            },
            {
              "status": "affected",
              "version": "0.45"
            },
            {
              "status": "affected",
              "version": "0.46"
            },
            {
              "status": "affected",
              "version": "0.47"
            },
            {
              "status": "affected",
              "version": "0.48"
            },
            {
              "status": "affected",
              "version": "0.49"
            },
            {
              "status": "affected",
              "version": "0.50"
            },
            {
              "status": "affected",
              "version": "0.51"
            },
            {
              "status": "affected",
              "version": "0.52"
            },
            {
              "status": "affected",
              "version": "0.53"
            },
            {
              "status": "affected",
              "version": "0.54"
            },
            {
              "status": "affected",
              "version": "0.55"
            },
            {
              "status": "affected",
              "version": "0.56"
            },
            {
              "status": "affected",
              "version": "0.57"
            },
            {
              "status": "affected",
              "version": "0.58"
            },
            {
              "status": "affected",
              "version": "0.59"
            },
            {
              "status": "affected",
              "version": "0.60"
            },
            {
              "status": "affected",
              "version": "0.61"
            },
            {
              "status": "affected",
              "version": "0.62"
            },
            {
              "status": "affected",
              "version": "0.63"
            },
            {
              "status": "affected",
              "version": "0.64"
            },
            {
              "status": "affected",
              "version": "0.65"
            },
            {
              "status": "affected",
              "version": "0.66"
            },
            {
              "status": "affected",
              "version": "0.67"
            },
            {
              "status": "affected",
              "version": "0.68"
            },
            {
              "status": "affected",
              "version": "0.69"
            },
            {
              "status": "affected",
              "version": "0.70"
            },
            {
              "status": "affected",
              "version": "0.71"
            },
            {
              "status": "affected",
              "version": "0.72"
            },
            {
              "status": "affected",
              "version": "0.73"
            },
            {
              "status": "affected",
              "version": "0.74"
            },
            {
              "status": "affected",
              "version": "0.75"
            },
            {
              "status": "affected",
              "version": "0.76"
            },
            {
              "status": "affected",
              "version": "0.77"
            },
            {
              "status": "affected",
              "version": "0.78"
            },
            {
              "status": "affected",
              "version": "0.79"
            },
            {
              "status": "affected",
              "version": "0.80"
            },
            {
              "status": "affected",
              "version": "0.81"
            },
            {
              "status": "affected",
              "version": "0.82"
            },
            {
              "status": "affected",
              "version": "0.83"
            },
            {
              "status": "affected",
              "version": "0.84"
            },
            {
              "status": "affected",
              "version": "0.85"
            },
            {
              "status": "affected",
              "version": "0.86"
            },
            {
              "status": "affected",
              "version": "0.87"
            },
            {
              "status": "affected",
              "version": "0.88"
            },
            {
              "status": "affected",
              "version": "0.89"
            },
            {
              "status": "affected",
              "version": "0.90"
            },
            {
              "status": "affected",
              "version": "0.91"
            },
            {
              "status": "affected",
              "version": "0.92"
            },
            {
              "status": "affected",
              "version": "0.93"
            },
            {
              "status": "affected",
              "version": "0.94"
            },
            {
              "status": "affected",
              "version": "0.95"
            },
            {
              "status": "affected",
              "version": "0.96"
            },
            {
              "status": "affected",
              "version": "0.97"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "tool",
          "value": "VulDB GitHub Commit Analyzer"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in Fastly Plugin up to 0.97 on WordPress. It has been rated as problematic. Affected by this issue is the function post of the file lib/api.php. The manipulation of the argument url leads to cross site scripting. The attack may be launched remotely. Upgrading to version 0.98 is able to address this issue. The patch is identified as d7fe42538f4d4af500e3af9678b6b06fba731656. It is recommended to upgrade the affected component. VDB-222326 is the identifier assigned to this vulnerability."
        },
        {
          "lang": "de",
          "value": "Eine problematische Schwachstelle wurde in Fastly Plugin bis 0.97 f\u00fcr WordPress ausgemacht. Es geht hierbei um die Funktion post der Datei lib/api.php. Mittels dem Manipulieren des Arguments url mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Ein Aktualisieren auf die Version 0.98 vermag dieses Problem zu l\u00f6sen. Der Patch wird als d7fe42538f4d4af500e3af9678b6b06fba731656 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 2.4,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 2.4,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 3.3,
            "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Cross Site Scripting",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-20T09:13:31.518Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.222326"
        },
        {
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.222326"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/wp-plugins/fastly/commit/d7fe42538f4d4af500e3af9678b6b06fba731656"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/wp-plugins/fastly/releases/tag/0.98"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-03-04T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2023-03-04T00:00:00.000Z",
          "value": "CVE reserved"
        },
        {
          "lang": "en",
          "time": "2023-03-04T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2023-03-31T13:27:52.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Fastly Plugin api.php post cross site scripting"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2015-10094",
    "datePublished": "2023-03-06T14:31:04.388Z",
    "dateReserved": "2023-03-04T15:23:20.129Z",
    "dateUpdated": "2024-08-06T08:58:26.373Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

    CVE-2017-13761 (GCVE-0-2017-13761)

    Vulnerability from nvd – Published: 2017-09-14 17:00 – Updated: 2024-08-05 19:05
    VLAI
    Summary
    The Fastly CDN module before 1.2.26 for Magento2, when used with a third-party authentication plugin, might allow remote authenticated users to obtain sensitive information from authenticated sessions via vectors involving caching of redirect responses.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2017-09-12 00:00
    Show details on NVD website
    To clipboard 

    {
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T19:05:20.321Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.fastly.com/security-advisories/vulnerability-fastly-open-source-cdn-module-intended-be-integrated-magento2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-09-12T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Fastly CDN module before 1.2.26 for Magento2, when used with a third-party authentication plugin, might allow remote authenticated users to obtain sensitive information from authenticated sessions via vectors involving caching of redirect responses."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-18T17:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.fastly.com/security-advisories/vulnerability-fastly-open-source-cdn-module-intended-be-integrated-magento2"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-13761",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Fastly CDN module before 1.2.26 for Magento2, when used with a third-party authentication plugin, might allow remote authenticated users to obtain sensitive information from authenticated sessions via vectors involving caching of redirect responses."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.fastly.com/security-advisories/vulnerability-fastly-open-source-cdn-module-intended-be-integrated-magento2",
              "refsource": "CONFIRM",
              "url": "https://www.fastly.com/security-advisories/vulnerability-fastly-open-source-cdn-module-intended-be-integrated-magento2"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-13761",
    "datePublished": "2017-09-14T17:00:00.000Z",
    "dateReserved": "2017-08-29T00:00:00.000Z",
    "dateUpdated": "2024-08-05T19:05:20.321Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

    CVE-2025-58199 (GCVE-0-2025-58199)

    Vulnerability from cvelistv5 – Published: 2025-09-22 18:23 – Updated: 2026-05-12 01:00
    VLAI
    Title
    WordPress Fastly plugin <= 1.2.28 - Cross Site Request Forgery (CSRF) vulnerability
    Summary
    Cross-Site Request Forgery (CSRF) vulnerability in Fastly Fastly fastly allows Cross Site Request Forgery.This issue affects Fastly: from n/a through <= 1.2.28.
    Severity
    4.3 (Medium)
    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-352 - Cross-Site Request Forgery (CSRF)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fastly Fastly Affected: 0 , ≤ 1.2.28 (custom)
    		Create a notification for this product.
    Date Public
    2026-04-01 16:42
    Credits
    Nabil Irawan | Patchstack Bug Bounty Program
    Show details on NVD website
    To clipboard 

    {
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-58199",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-23T15:55:17.079695Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-12T01:00:24.712Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://wordpress.org/plugins",
          "defaultStatus": "unaffected",
          "packageName": "fastly",
          "product": "Fastly",
          "vendor": "Fastly",
          "versions": [
            {
              "changes": [
                {
                  "at": "1.2.29",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "1.2.28",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Nabil Irawan | Patchstack Bug Bounty Program"
        }
      ],
      "datePublic": "2026-04-01T16:42:22.586Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Cross-Site Request Forgery (CSRF) vulnerability in Fastly Fastly fastly allows Cross Site Request Forgery.\u003cp\u003eThis issue affects Fastly: from n/a through \u003c= 1.2.28.\u003c/p\u003e"
            }
          ],
          "value": "Cross-Site Request Forgery (CSRF) vulnerability in Fastly Fastly fastly allows Cross Site Request Forgery.This issue affects Fastly: from n/a through \u003c= 1.2.28."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-62",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross Site Request Forgery"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-352",
              "description": "Cross-Site Request Forgery (CSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-28T16:13:41.783Z",
        "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "shortName": "Patchstack"
      },
      "references": [
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://patchstack.com/database/Wordpress/Plugin/fastly/vulnerability/wordpress-fastly-plugin-1-2-28-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
        }
      ],
      "title": "WordPress Fastly plugin \u003c= 1.2.28 - Cross Site Request Forgery (CSRF) vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
    "assignerShortName": "Patchstack",
    "cveId": "CVE-2025-58199",
    "datePublished": "2025-09-22T18:23:51.395Z",
    "dateReserved": "2025-08-27T16:18:58.324Z",
    "dateUpdated": "2026-05-12T01:00:24.712Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

    CVE-2024-34768 (GCVE-0-2024-34768)

    Vulnerability from cvelistv5 – Published: 2024-06-11 16:42 – Updated: 2026-04-28 16:09
    VLAI
    Title
    WordPress Fastly plugin <= 1.2.25 - Broken Access Control vulnerability
    Summary
    Missing Authorization vulnerability in Fastly.This issue affects Fastly: from n/a through 1.2.25.
    Severity
    5.3 (Medium)
    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fastly Fastly Affected: n/a , ≤ 1.2.25 (custom)
    		Create a notification for this product.
    Credits
    Joshua Chan (Patchstack Alliance)
    Show details on NVD website
    To clipboard 

    {
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-34768",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-14T16:42:39.650690Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-14T16:43:03.047Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T02:59:22.617Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://patchstack.com/database/vulnerability/fastly/wordpress-fastly-plugin-1-2-25-broken-access-control-vulnerability?_s_id=cve"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://wordpress.org/plugins",
          "defaultStatus": "unaffected",
          "packageName": "fastly",
          "product": "Fastly",
          "vendor": "Fastly",
          "versions": [
            {
              "changes": [
                {
                  "at": "1.2.26",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "1.2.25",
              "status": "affected",
              "version": "n/a",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Joshua Chan (Patchstack Alliance)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Missing Authorization vulnerability in Fastly.\u003cp\u003eThis issue affects Fastly: from n/a through 1.2.25.\u003c/p\u003e"
            }
          ],
          "value": "Missing Authorization vulnerability in Fastly.This issue affects Fastly: from n/a through 1.2.25."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-862",
              "description": "CWE-862 Missing Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-28T16:09:50.127Z",
        "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "shortName": "Patchstack"
      },
      "references": [
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://patchstack.com/database/vulnerability/fastly/wordpress-fastly-plugin-1-2-25-broken-access-control-vulnerability?_s_id=cve"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Update to 1.2.26 or a higher version."
            }
          ],
          "value": "Update to 1.2.26 or a higher version."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "WordPress Fastly plugin \u003c= 1.2.25 - Broken Access Control vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
    "assignerShortName": "Patchstack",
    "cveId": "CVE-2024-34768",
    "datePublished": "2024-06-11T16:42:16.302Z",
    "dateReserved": "2024-05-08T12:03:07.439Z",
    "dateUpdated": "2026-04-28T16:09:50.127Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

    CVE-2024-34803 (GCVE-0-2024-34803)

    Vulnerability from cvelistv5 – Published: 2024-06-03 10:18 – Updated: 2026-04-28 16:09
    VLAI
    Title
    WordPress Fastly plugin <= 1.2.25 - Broken Access Control vulnerability
    Summary
    Missing Authorization vulnerability in Fastly.This issue affects Fastly: from n/a through 1.2.25.
    Severity
    4.3 (Medium)
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fastly Fastly Affected: n/a , ≤ 1.2.25 (custom)
    		Create a notification for this product.
    Credits
    Majed Refaea (Patchstack Alliance)
    Show details on NVD website
    To clipboard 

    {
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-34803",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-03T15:11:18.743240Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:40:59.455Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T02:59:22.611Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://patchstack.com/database/vulnerability/fastly/wordpress-fastly-plugin-1-2-25-broken-access-control-vulnerability-2?_s_id=cve"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://wordpress.org/plugins",
          "defaultStatus": "unaffected",
          "packageName": "fastly",
          "product": "Fastly",
          "vendor": "Fastly",
          "versions": [
            {
              "changes": [
                {
                  "at": "1.2.26",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "1.2.25",
              "status": "affected",
              "version": "n/a",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Majed Refaea (Patchstack Alliance)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Missing Authorization vulnerability in Fastly.\u003cp\u003eThis issue affects Fastly: from n/a through 1.2.25.\u003c/p\u003e"
            }
          ],
          "value": "Missing Authorization vulnerability in Fastly.This issue affects Fastly: from n/a through 1.2.25."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-862",
              "description": "CWE-862 Missing Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-28T16:09:50.864Z",
        "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "shortName": "Patchstack"
      },
      "references": [
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://patchstack.com/database/vulnerability/fastly/wordpress-fastly-plugin-1-2-25-broken-access-control-vulnerability-2?_s_id=cve"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Update to 1.2.26 or a higher version."
            }
          ],
          "value": "Update to 1.2.26 or a higher version."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "WordPress Fastly plugin \u003c= 1.2.25 - Broken Access Control vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
    "assignerShortName": "Patchstack",
    "cveId": "CVE-2024-34803",
    "datePublished": "2024-06-03T10:18:56.905Z",
    "dateReserved": "2024-05-09T12:14:23.897Z",
    "dateUpdated": "2026-04-28T16:09:50.864Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

    CVE-2015-10094 (GCVE-0-2015-10094)

    Vulnerability from cvelistv5 – Published: 2023-03-06 14:31 – Updated: 2024-08-06 08:58
    VLAI
    Title
    Fastly Plugin api.php post cross site scripting
    Summary
    A vulnerability was found in Fastly Plugin up to 0.97 on WordPress. It has been rated as problematic. Affected by this issue is the function post of the file lib/api.php. The manipulation of the argument url leads to cross site scripting. The attack may be launched remotely. Upgrading to version 0.98 is able to address this issue. The patch is identified as d7fe42538f4d4af500e3af9678b6b06fba731656. It is recommended to upgrade the affected component. VDB-222326 is the identifier assigned to this vulnerability.
    Severity
    2.4 (Low)
    CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N
    2.4 (Low)
    CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N
    CWE
    • CWE-79 - Cross Site Scripting
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Fastly Plugin Affected: 0.1
    Affected: 0.2
    Affected: 0.3
    Affected: 0.4
    Affected: 0.5
    Affected: 0.6
    Affected: 0.7
    Affected: 0.8
    Affected: 0.9
    Affected: 0.10
    Affected: 0.11
    Affected: 0.12
    Affected: 0.13
    Affected: 0.14
    Affected: 0.15
    Affected: 0.16
    Affected: 0.17
    Affected: 0.18
    Affected: 0.19
    Affected: 0.20
    Affected: 0.21
    Affected: 0.22
    Affected: 0.23
    Affected: 0.24
    Affected: 0.25
    Affected: 0.26
    Affected: 0.27
    Affected: 0.28
    Affected: 0.29
    Affected: 0.30
    Affected: 0.31
    Affected: 0.32
    Affected: 0.33
    Affected: 0.34
    Affected: 0.35
    Affected: 0.36
    Affected: 0.37
    Affected: 0.38
    Affected: 0.39
    Affected: 0.40
    Affected: 0.41
    Affected: 0.42
    Affected: 0.43
    Affected: 0.44
    Affected: 0.45
    Affected: 0.46
    Affected: 0.47
    Affected: 0.48
    Affected: 0.49
    Affected: 0.50
    Affected: 0.51
    Affected: 0.52
    Affected: 0.53
    Affected: 0.54
    Affected: 0.55
    Affected: 0.56
    Affected: 0.57
    Affected: 0.58
    Affected: 0.59
    Affected: 0.60
    Affected: 0.61
    Affected: 0.62
    Affected: 0.63
    Affected: 0.64
    Affected: 0.65
    Affected: 0.66
    Affected: 0.67
    Affected: 0.68
    Affected: 0.69
    Affected: 0.70
    Affected: 0.71
    Affected: 0.72
    Affected: 0.73
    Affected: 0.74
    Affected: 0.75
    Affected: 0.76
    Affected: 0.77
    Affected: 0.78
    Affected: 0.79
    Affected: 0.80
    Affected: 0.81
    Affected: 0.82
    Affected: 0.83
    Affected: 0.84
    Affected: 0.85
    Affected: 0.86
    Affected: 0.87
    Affected: 0.88
    Affected: 0.89
    Affected: 0.90
    Affected: 0.91
    Affected: 0.92
    Affected: 0.93
    Affected: 0.94
    Affected: 0.95
    Affected: 0.96
    Affected: 0.97
    Credits
    VulDB GitHub Commit Analyzer
    Show details on NVD website
    To clipboard 

    {
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T08:58:26.373Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "technical-description",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?id.222326"
          },
          {
            "tags": [
              "signature",
              "permissions-required",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?ctiid.222326"
          },
          {
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/wp-plugins/fastly/commit/d7fe42538f4d4af500e3af9678b6b06fba731656"
          },
          {
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/wp-plugins/fastly/releases/tag/0.98"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Fastly Plugin",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "0.1"
            },
            {
              "status": "affected",
              "version": "0.2"
            },
            {
              "status": "affected",
              "version": "0.3"
            },
            {
              "status": "affected",
              "version": "0.4"
            },
            {
              "status": "affected",
              "version": "0.5"
            },
            {
              "status": "affected",
              "version": "0.6"
            },
            {
              "status": "affected",
              "version": "0.7"
            },
            {
              "status": "affected",
              "version": "0.8"
            },
            {
              "status": "affected",
              "version": "0.9"
            },
            {
              "status": "affected",
              "version": "0.10"
            },
            {
              "status": "affected",
              "version": "0.11"
            },
            {
              "status": "affected",
              "version": "0.12"
            },
            {
              "status": "affected",
              "version": "0.13"
            },
            {
              "status": "affected",
              "version": "0.14"
            },
            {
              "status": "affected",
              "version": "0.15"
            },
            {
              "status": "affected",
              "version": "0.16"
            },
            {
              "status": "affected",
              "version": "0.17"
            },
            {
              "status": "affected",
              "version": "0.18"
            },
            {
              "status": "affected",
              "version": "0.19"
            },
            {
              "status": "affected",
              "version": "0.20"
            },
            {
              "status": "affected",
              "version": "0.21"
            },
            {
              "status": "affected",
              "version": "0.22"
            },
            {
              "status": "affected",
              "version": "0.23"
            },
            {
              "status": "affected",
              "version": "0.24"
            },
            {
              "status": "affected",
              "version": "0.25"
            },
            {
              "status": "affected",
              "version": "0.26"
            },
            {
              "status": "affected",
              "version": "0.27"
            },
            {
              "status": "affected",
              "version": "0.28"
            },
            {
              "status": "affected",
              "version": "0.29"
            },
            {
              "status": "affected",
              "version": "0.30"
            },
            {
              "status": "affected",
              "version": "0.31"
            },
            {
              "status": "affected",
              "version": "0.32"
            },
            {
              "status": "affected",
              "version": "0.33"
            },
            {
              "status": "affected",
              "version": "0.34"
            },
            {
              "status": "affected",
              "version": "0.35"
            },
            {
              "status": "affected",
              "version": "0.36"
            },
            {
              "status": "affected",
              "version": "0.37"
            },
            {
              "status": "affected",
              "version": "0.38"
            },
            {
              "status": "affected",
              "version": "0.39"
            },
            {
              "status": "affected",
              "version": "0.40"
            },
            {
              "status": "affected",
              "version": "0.41"
            },
            {
              "status": "affected",
              "version": "0.42"
            },
            {
              "status": "affected",
              "version": "0.43"
            },
            {
              "status": "affected",
              "version": "0.44"
            },
            {
              "status": "affected",
              "version": "0.45"
            },
            {
              "status": "affected",
              "version": "0.46"
            },
            {
              "status": "affected",
              "version": "0.47"
            },
            {
              "status": "affected",
              "version": "0.48"
            },
            {
              "status": "affected",
              "version": "0.49"
            },
            {
              "status": "affected",
              "version": "0.50"
            },
            {
              "status": "affected",
              "version": "0.51"
            },
            {
              "status": "affected",
              "version": "0.52"
            },
            {
              "status": "affected",
              "version": "0.53"
            },
            {
              "status": "affected",
              "version": "0.54"
            },
            {
              "status": "affected",
              "version": "0.55"
            },
            {
              "status": "affected",
              "version": "0.56"
            },
            {
              "status": "affected",
              "version": "0.57"
            },
            {
              "status": "affected",
              "version": "0.58"
            },
            {
              "status": "affected",
              "version": "0.59"
            },
            {
              "status": "affected",
              "version": "0.60"
            },
            {
              "status": "affected",
              "version": "0.61"
            },
            {
              "status": "affected",
              "version": "0.62"
            },
            {
              "status": "affected",
              "version": "0.63"
            },
            {
              "status": "affected",
              "version": "0.64"
            },
            {
              "status": "affected",
              "version": "0.65"
            },
            {
              "status": "affected",
              "version": "0.66"
            },
            {
              "status": "affected",
              "version": "0.67"
            },
            {
              "status": "affected",
              "version": "0.68"
            },
            {
              "status": "affected",
              "version": "0.69"
            },
            {
              "status": "affected",
              "version": "0.70"
            },
            {
              "status": "affected",
              "version": "0.71"
            },
            {
              "status": "affected",
              "version": "0.72"
            },
            {
              "status": "affected",
              "version": "0.73"
            },
            {
              "status": "affected",
              "version": "0.74"
            },
            {
              "status": "affected",
              "version": "0.75"
            },
            {
              "status": "affected",
              "version": "0.76"
            },
            {
              "status": "affected",
              "version": "0.77"
            },
            {
              "status": "affected",
              "version": "0.78"
            },
            {
              "status": "affected",
              "version": "0.79"
            },
            {
              "status": "affected",
              "version": "0.80"
            },
            {
              "status": "affected",
              "version": "0.81"
            },
            {
              "status": "affected",
              "version": "0.82"
            },
            {
              "status": "affected",
              "version": "0.83"
            },
            {
              "status": "affected",
              "version": "0.84"
            },
            {
              "status": "affected",
              "version": "0.85"
            },
            {
              "status": "affected",
              "version": "0.86"
            },
            {
              "status": "affected",
              "version": "0.87"
            },
            {
              "status": "affected",
              "version": "0.88"
            },
            {
              "status": "affected",
              "version": "0.89"
            },
            {
              "status": "affected",
              "version": "0.90"
            },
            {
              "status": "affected",
              "version": "0.91"
            },
            {
              "status": "affected",
              "version": "0.92"
            },
            {
              "status": "affected",
              "version": "0.93"
            },
            {
              "status": "affected",
              "version": "0.94"
            },
            {
              "status": "affected",
              "version": "0.95"
            },
            {
              "status": "affected",
              "version": "0.96"
            },
            {
              "status": "affected",
              "version": "0.97"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "tool",
          "value": "VulDB GitHub Commit Analyzer"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in Fastly Plugin up to 0.97 on WordPress. It has been rated as problematic. Affected by this issue is the function post of the file lib/api.php. The manipulation of the argument url leads to cross site scripting. The attack may be launched remotely. Upgrading to version 0.98 is able to address this issue. The patch is identified as d7fe42538f4d4af500e3af9678b6b06fba731656. It is recommended to upgrade the affected component. VDB-222326 is the identifier assigned to this vulnerability."
        },
        {
          "lang": "de",
          "value": "Eine problematische Schwachstelle wurde in Fastly Plugin bis 0.97 f\u00fcr WordPress ausgemacht. Es geht hierbei um die Funktion post der Datei lib/api.php. Mittels dem Manipulieren des Arguments url mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Ein Aktualisieren auf die Version 0.98 vermag dieses Problem zu l\u00f6sen. Der Patch wird als d7fe42538f4d4af500e3af9678b6b06fba731656 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 2.4,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 2.4,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 3.3,
            "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Cross Site Scripting",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-20T09:13:31.518Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.222326"
        },
        {
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.222326"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/wp-plugins/fastly/commit/d7fe42538f4d4af500e3af9678b6b06fba731656"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/wp-plugins/fastly/releases/tag/0.98"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-03-04T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2023-03-04T00:00:00.000Z",
          "value": "CVE reserved"
        },
        {
          "lang": "en",
          "time": "2023-03-04T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2023-03-31T13:27:52.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Fastly Plugin api.php post cross site scripting"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2015-10094",
    "datePublished": "2023-03-06T14:31:04.388Z",
    "dateReserved": "2023-03-04T15:23:20.129Z",
    "dateUpdated": "2024-08-06T08:58:26.373Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

    CVE-2017-13761 (GCVE-0-2017-13761)

    Vulnerability from cvelistv5 – Published: 2017-09-14 17:00 – Updated: 2024-08-05 19:05
    VLAI
    Summary
    The Fastly CDN module before 1.2.26 for Magento2, when used with a third-party authentication plugin, might allow remote authenticated users to obtain sensitive information from authenticated sessions via vectors involving caching of redirect responses.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2017-09-12 00:00
    Show details on NVD website
    To clipboard 

    {
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T19:05:20.321Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.fastly.com/security-advisories/vulnerability-fastly-open-source-cdn-module-intended-be-integrated-magento2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-09-12T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Fastly CDN module before 1.2.26 for Magento2, when used with a third-party authentication plugin, might allow remote authenticated users to obtain sensitive information from authenticated sessions via vectors involving caching of redirect responses."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-18T17:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.fastly.com/security-advisories/vulnerability-fastly-open-source-cdn-module-intended-be-integrated-magento2"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-13761",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Fastly CDN module before 1.2.26 for Magento2, when used with a third-party authentication plugin, might allow remote authenticated users to obtain sensitive information from authenticated sessions via vectors involving caching of redirect responses."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.fastly.com/security-advisories/vulnerability-fastly-open-source-cdn-module-intended-be-integrated-magento2",
              "refsource": "CONFIRM",
              "url": "https://www.fastly.com/security-advisories/vulnerability-fastly-open-source-cdn-module-intended-be-integrated-magento2"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-13761",
    "datePublished": "2017-09-14T17:00:00.000Z",
    "dateReserved": "2017-08-29T00:00:00.000Z",
    "dateUpdated": "2024-08-05T19:05:20.321Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}