Search criteria
12 vulnerabilities found for fastly by fastly
CVE-2025-58199 (GCVE-0-2025-58199)
Vulnerability from cvelistv5 – Published: 2025-09-22 18:23 – Updated: 2025-09-23 16:10
VLAI?
Summary
Cross-Site Request Forgery (CSRF) vulnerability in Fastly Fastly allows Cross Site Request Forgery. This issue affects Fastly: from n/a through 1.2.28.
Severity ?
4.3 (Medium)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
| URL | Tags | |
|---|---|---|
Credits
Nabil Irawan (Patchstack Alliance)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-58199",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-23T15:55:17.079695Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-23T16:10:31.251Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "fastly",
"product": "Fastly",
"vendor": "Fastly",
"versions": [
{
"lessThanOrEqual": "1.2.28",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Nabil Irawan (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eCross-Site Request Forgery (CSRF) vulnerability in Fastly Fastly allows Cross Site Request Forgery.\u003c/p\u003e\u003cp\u003eThis issue affects Fastly: from n/a through 1.2.28.\u003c/p\u003e"
}
],
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Fastly Fastly allows Cross Site Request Forgery. This issue affects Fastly: from n/a through 1.2.28."
}
],
"impacts": [
{
"capecId": "CAPEC-62",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-62 Cross Site Request Forgery"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-22T18:23:51.395Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/wordpress/plugin/fastly/vulnerability/wordpress-fastly-plugin-1-2-28-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Fastly Plugin \u003c= 1.2.28 - Cross Site Request Forgery (CSRF) Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-58199",
"datePublished": "2025-09-22T18:23:51.395Z",
"dateReserved": "2025-08-27T16:18:58.324Z",
"dateUpdated": "2025-09-23T16:10:31.251Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-34768 (GCVE-0-2024-34768)
Vulnerability from cvelistv5 – Published: 2024-06-11 16:42 – Updated: 2024-08-02 02:59
VLAI?
Summary
Missing Authorization vulnerability in Fastly.This issue affects Fastly: from n/a through 1.2.25.
Severity ?
5.3 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
| URL | Tags | |
|---|---|---|
Credits
Joshua Chan (Patchstack Alliance)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-34768",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-14T16:42:39.650690Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-14T16:43:03.047Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:59:22.617Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/fastly/wordpress-fastly-plugin-1-2-25-broken-access-control-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "fastly",
"product": "Fastly",
"vendor": "Fastly",
"versions": [
{
"changes": [
{
"at": "1.2.26",
"status": "unaffected"
}
],
"lessThanOrEqual": "1.2.25",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Joshua Chan (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authorization vulnerability in Fastly.\u003cp\u003eThis issue affects Fastly: from n/a through 1.2.25.\u003c/p\u003e"
}
],
"value": "Missing Authorization vulnerability in Fastly.This issue affects Fastly: from n/a through 1.2.25."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-11T16:42:16.302Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/fastly/wordpress-fastly-plugin-1-2-25-broken-access-control-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 1.2.26 or a higher version."
}
],
"value": "Update to 1.2.26 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Fastly plugin \u003c= 1.2.25 - Broken Access Control vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-34768",
"datePublished": "2024-06-11T16:42:16.302Z",
"dateReserved": "2024-05-08T12:03:07.439Z",
"dateUpdated": "2024-08-02T02:59:22.617Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-34803 (GCVE-0-2024-34803)
Vulnerability from cvelistv5 – Published: 2024-06-03 10:18 – Updated: 2024-08-02 02:59
VLAI?
Summary
Missing Authorization vulnerability in Fastly.This issue affects Fastly: from n/a through 1.2.25.
Severity ?
4.3 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
| URL | Tags | |
|---|---|---|
Credits
Majed Refaea (Patchstack Alliance)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-34803",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-03T15:11:18.743240Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:40:59.455Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:59:22.611Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/fastly/wordpress-fastly-plugin-1-2-25-broken-access-control-vulnerability-2?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "fastly",
"product": "Fastly",
"vendor": "Fastly",
"versions": [
{
"changes": [
{
"at": "1.2.26",
"status": "unaffected"
}
],
"lessThanOrEqual": "1.2.25",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Majed Refaea (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authorization vulnerability in Fastly.\u003cp\u003eThis issue affects Fastly: from n/a through 1.2.25.\u003c/p\u003e"
}
],
"value": "Missing Authorization vulnerability in Fastly.This issue affects Fastly: from n/a through 1.2.25."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "Broken Access Control"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-03T10:18:56.905Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/fastly/wordpress-fastly-plugin-1-2-25-broken-access-control-vulnerability-2?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 1.2.26 or a higher version."
}
],
"value": "Update to 1.2.26 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Fastly plugin \u003c= 1.2.25 - Broken Access Control vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-34803",
"datePublished": "2024-06-03T10:18:56.905Z",
"dateReserved": "2024-05-09T12:14:23.897Z",
"dateUpdated": "2024-08-02T02:59:22.611Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-10094 (GCVE-0-2015-10094)
Vulnerability from cvelistv5 – Published: 2023-03-06 14:31 – Updated: 2024-08-06 08:58
VLAI?
Summary
A vulnerability was found in Fastly Plugin up to 0.97 on WordPress. It has been rated as problematic. Affected by this issue is the function post of the file lib/api.php. The manipulation of the argument url leads to cross site scripting. The attack may be launched remotely. Upgrading to version 0.98 is able to address this issue. The patch is identified as d7fe42538f4d4af500e3af9678b6b06fba731656. It is recommended to upgrade the affected component. VDB-222326 is the identifier assigned to this vulnerability.
Severity ?
CWE
- CWE-79 - Cross Site Scripting
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Fastly Plugin |
Affected:
0.1
Affected: 0.2 Affected: 0.3 Affected: 0.4 Affected: 0.5 Affected: 0.6 Affected: 0.7 Affected: 0.8 Affected: 0.9 Affected: 0.10 Affected: 0.11 Affected: 0.12 Affected: 0.13 Affected: 0.14 Affected: 0.15 Affected: 0.16 Affected: 0.17 Affected: 0.18 Affected: 0.19 Affected: 0.20 Affected: 0.21 Affected: 0.22 Affected: 0.23 Affected: 0.24 Affected: 0.25 Affected: 0.26 Affected: 0.27 Affected: 0.28 Affected: 0.29 Affected: 0.30 Affected: 0.31 Affected: 0.32 Affected: 0.33 Affected: 0.34 Affected: 0.35 Affected: 0.36 Affected: 0.37 Affected: 0.38 Affected: 0.39 Affected: 0.40 Affected: 0.41 Affected: 0.42 Affected: 0.43 Affected: 0.44 Affected: 0.45 Affected: 0.46 Affected: 0.47 Affected: 0.48 Affected: 0.49 Affected: 0.50 Affected: 0.51 Affected: 0.52 Affected: 0.53 Affected: 0.54 Affected: 0.55 Affected: 0.56 Affected: 0.57 Affected: 0.58 Affected: 0.59 Affected: 0.60 Affected: 0.61 Affected: 0.62 Affected: 0.63 Affected: 0.64 Affected: 0.65 Affected: 0.66 Affected: 0.67 Affected: 0.68 Affected: 0.69 Affected: 0.70 Affected: 0.71 Affected: 0.72 Affected: 0.73 Affected: 0.74 Affected: 0.75 Affected: 0.76 Affected: 0.77 Affected: 0.78 Affected: 0.79 Affected: 0.80 Affected: 0.81 Affected: 0.82 Affected: 0.83 Affected: 0.84 Affected: 0.85 Affected: 0.86 Affected: 0.87 Affected: 0.88 Affected: 0.89 Affected: 0.90 Affected: 0.91 Affected: 0.92 Affected: 0.93 Affected: 0.94 Affected: 0.95 Affected: 0.96 Affected: 0.97 |
Credits
VulDB GitHub Commit Analyzer
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:58:26.373Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.222326"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.222326"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/wp-plugins/fastly/commit/d7fe42538f4d4af500e3af9678b6b06fba731656"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/wp-plugins/fastly/releases/tag/0.98"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Fastly Plugin",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "0.1"
},
{
"status": "affected",
"version": "0.2"
},
{
"status": "affected",
"version": "0.3"
},
{
"status": "affected",
"version": "0.4"
},
{
"status": "affected",
"version": "0.5"
},
{
"status": "affected",
"version": "0.6"
},
{
"status": "affected",
"version": "0.7"
},
{
"status": "affected",
"version": "0.8"
},
{
"status": "affected",
"version": "0.9"
},
{
"status": "affected",
"version": "0.10"
},
{
"status": "affected",
"version": "0.11"
},
{
"status": "affected",
"version": "0.12"
},
{
"status": "affected",
"version": "0.13"
},
{
"status": "affected",
"version": "0.14"
},
{
"status": "affected",
"version": "0.15"
},
{
"status": "affected",
"version": "0.16"
},
{
"status": "affected",
"version": "0.17"
},
{
"status": "affected",
"version": "0.18"
},
{
"status": "affected",
"version": "0.19"
},
{
"status": "affected",
"version": "0.20"
},
{
"status": "affected",
"version": "0.21"
},
{
"status": "affected",
"version": "0.22"
},
{
"status": "affected",
"version": "0.23"
},
{
"status": "affected",
"version": "0.24"
},
{
"status": "affected",
"version": "0.25"
},
{
"status": "affected",
"version": "0.26"
},
{
"status": "affected",
"version": "0.27"
},
{
"status": "affected",
"version": "0.28"
},
{
"status": "affected",
"version": "0.29"
},
{
"status": "affected",
"version": "0.30"
},
{
"status": "affected",
"version": "0.31"
},
{
"status": "affected",
"version": "0.32"
},
{
"status": "affected",
"version": "0.33"
},
{
"status": "affected",
"version": "0.34"
},
{
"status": "affected",
"version": "0.35"
},
{
"status": "affected",
"version": "0.36"
},
{
"status": "affected",
"version": "0.37"
},
{
"status": "affected",
"version": "0.38"
},
{
"status": "affected",
"version": "0.39"
},
{
"status": "affected",
"version": "0.40"
},
{
"status": "affected",
"version": "0.41"
},
{
"status": "affected",
"version": "0.42"
},
{
"status": "affected",
"version": "0.43"
},
{
"status": "affected",
"version": "0.44"
},
{
"status": "affected",
"version": "0.45"
},
{
"status": "affected",
"version": "0.46"
},
{
"status": "affected",
"version": "0.47"
},
{
"status": "affected",
"version": "0.48"
},
{
"status": "affected",
"version": "0.49"
},
{
"status": "affected",
"version": "0.50"
},
{
"status": "affected",
"version": "0.51"
},
{
"status": "affected",
"version": "0.52"
},
{
"status": "affected",
"version": "0.53"
},
{
"status": "affected",
"version": "0.54"
},
{
"status": "affected",
"version": "0.55"
},
{
"status": "affected",
"version": "0.56"
},
{
"status": "affected",
"version": "0.57"
},
{
"status": "affected",
"version": "0.58"
},
{
"status": "affected",
"version": "0.59"
},
{
"status": "affected",
"version": "0.60"
},
{
"status": "affected",
"version": "0.61"
},
{
"status": "affected",
"version": "0.62"
},
{
"status": "affected",
"version": "0.63"
},
{
"status": "affected",
"version": "0.64"
},
{
"status": "affected",
"version": "0.65"
},
{
"status": "affected",
"version": "0.66"
},
{
"status": "affected",
"version": "0.67"
},
{
"status": "affected",
"version": "0.68"
},
{
"status": "affected",
"version": "0.69"
},
{
"status": "affected",
"version": "0.70"
},
{
"status": "affected",
"version": "0.71"
},
{
"status": "affected",
"version": "0.72"
},
{
"status": "affected",
"version": "0.73"
},
{
"status": "affected",
"version": "0.74"
},
{
"status": "affected",
"version": "0.75"
},
{
"status": "affected",
"version": "0.76"
},
{
"status": "affected",
"version": "0.77"
},
{
"status": "affected",
"version": "0.78"
},
{
"status": "affected",
"version": "0.79"
},
{
"status": "affected",
"version": "0.80"
},
{
"status": "affected",
"version": "0.81"
},
{
"status": "affected",
"version": "0.82"
},
{
"status": "affected",
"version": "0.83"
},
{
"status": "affected",
"version": "0.84"
},
{
"status": "affected",
"version": "0.85"
},
{
"status": "affected",
"version": "0.86"
},
{
"status": "affected",
"version": "0.87"
},
{
"status": "affected",
"version": "0.88"
},
{
"status": "affected",
"version": "0.89"
},
{
"status": "affected",
"version": "0.90"
},
{
"status": "affected",
"version": "0.91"
},
{
"status": "affected",
"version": "0.92"
},
{
"status": "affected",
"version": "0.93"
},
{
"status": "affected",
"version": "0.94"
},
{
"status": "affected",
"version": "0.95"
},
{
"status": "affected",
"version": "0.96"
},
{
"status": "affected",
"version": "0.97"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "tool",
"value": "VulDB GitHub Commit Analyzer"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Fastly Plugin up to 0.97 on WordPress. It has been rated as problematic. Affected by this issue is the function post of the file lib/api.php. The manipulation of the argument url leads to cross site scripting. The attack may be launched remotely. Upgrading to version 0.98 is able to address this issue. The patch is identified as d7fe42538f4d4af500e3af9678b6b06fba731656. It is recommended to upgrade the affected component. VDB-222326 is the identifier assigned to this vulnerability."
},
{
"lang": "de",
"value": "Eine problematische Schwachstelle wurde in Fastly Plugin bis 0.97 f\u00fcr WordPress ausgemacht. Es geht hierbei um die Funktion post der Datei lib/api.php. Mittels dem Manipulieren des Arguments url mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Ein Aktualisieren auf die Version 0.98 vermag dieses Problem zu l\u00f6sen. Der Patch wird als d7fe42538f4d4af500e3af9678b6b06fba731656 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 3.3,
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-20T09:13:31.518Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.222326"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.222326"
},
{
"tags": [
"patch"
],
"url": "https://github.com/wp-plugins/fastly/commit/d7fe42538f4d4af500e3af9678b6b06fba731656"
},
{
"tags": [
"patch"
],
"url": "https://github.com/wp-plugins/fastly/releases/tag/0.98"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-03-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-03-04T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2023-03-04T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-03-31T13:27:52.000Z",
"value": "VulDB entry last update"
}
],
"title": "Fastly Plugin api.php post cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2015-10094",
"datePublished": "2023-03-06T14:31:04.388Z",
"dateReserved": "2023-03-04T15:23:20.129Z",
"dateUpdated": "2024-08-06T08:58:26.373Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-13761 (GCVE-0-2017-13761)
Vulnerability from cvelistv5 – Published: 2017-09-14 17:00 – Updated: 2024-08-05 19:05
VLAI?
Summary
The Fastly CDN module before 1.2.26 for Magento2, when used with a third-party authentication plugin, might allow remote authenticated users to obtain sensitive information from authenticated sessions via vectors involving caching of redirect responses.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:05:20.321Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.fastly.com/security-advisories/vulnerability-fastly-open-source-cdn-module-intended-be-integrated-magento2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-09-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Fastly CDN module before 1.2.26 for Magento2, when used with a third-party authentication plugin, might allow remote authenticated users to obtain sensitive information from authenticated sessions via vectors involving caching of redirect responses."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T17:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.fastly.com/security-advisories/vulnerability-fastly-open-source-cdn-module-intended-be-integrated-magento2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-13761",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Fastly CDN module before 1.2.26 for Magento2, when used with a third-party authentication plugin, might allow remote authenticated users to obtain sensitive information from authenticated sessions via vectors involving caching of redirect responses."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.fastly.com/security-advisories/vulnerability-fastly-open-source-cdn-module-intended-be-integrated-magento2",
"refsource": "CONFIRM",
"url": "https://www.fastly.com/security-advisories/vulnerability-fastly-open-source-cdn-module-intended-be-integrated-magento2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-13761",
"datePublished": "2017-09-14T17:00:00",
"dateReserved": "2017-08-29T00:00:00",
"dateUpdated": "2024-08-05T19:05:20.321Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-58199 (GCVE-0-2025-58199)
Vulnerability from nvd – Published: 2025-09-22 18:23 – Updated: 2025-09-23 16:10
VLAI?
Summary
Cross-Site Request Forgery (CSRF) vulnerability in Fastly Fastly allows Cross Site Request Forgery. This issue affects Fastly: from n/a through 1.2.28.
Severity ?
4.3 (Medium)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
| URL | Tags | |
|---|---|---|
Credits
Nabil Irawan (Patchstack Alliance)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-58199",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-23T15:55:17.079695Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-23T16:10:31.251Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "fastly",
"product": "Fastly",
"vendor": "Fastly",
"versions": [
{
"lessThanOrEqual": "1.2.28",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Nabil Irawan (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eCross-Site Request Forgery (CSRF) vulnerability in Fastly Fastly allows Cross Site Request Forgery.\u003c/p\u003e\u003cp\u003eThis issue affects Fastly: from n/a through 1.2.28.\u003c/p\u003e"
}
],
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Fastly Fastly allows Cross Site Request Forgery. This issue affects Fastly: from n/a through 1.2.28."
}
],
"impacts": [
{
"capecId": "CAPEC-62",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-62 Cross Site Request Forgery"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-22T18:23:51.395Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/wordpress/plugin/fastly/vulnerability/wordpress-fastly-plugin-1-2-28-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Fastly Plugin \u003c= 1.2.28 - Cross Site Request Forgery (CSRF) Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-58199",
"datePublished": "2025-09-22T18:23:51.395Z",
"dateReserved": "2025-08-27T16:18:58.324Z",
"dateUpdated": "2025-09-23T16:10:31.251Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-34768 (GCVE-0-2024-34768)
Vulnerability from nvd – Published: 2024-06-11 16:42 – Updated: 2024-08-02 02:59
VLAI?
Summary
Missing Authorization vulnerability in Fastly.This issue affects Fastly: from n/a through 1.2.25.
Severity ?
5.3 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
| URL | Tags | |
|---|---|---|
Credits
Joshua Chan (Patchstack Alliance)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-34768",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-14T16:42:39.650690Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-14T16:43:03.047Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:59:22.617Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/fastly/wordpress-fastly-plugin-1-2-25-broken-access-control-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "fastly",
"product": "Fastly",
"vendor": "Fastly",
"versions": [
{
"changes": [
{
"at": "1.2.26",
"status": "unaffected"
}
],
"lessThanOrEqual": "1.2.25",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Joshua Chan (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authorization vulnerability in Fastly.\u003cp\u003eThis issue affects Fastly: from n/a through 1.2.25.\u003c/p\u003e"
}
],
"value": "Missing Authorization vulnerability in Fastly.This issue affects Fastly: from n/a through 1.2.25."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-11T16:42:16.302Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/fastly/wordpress-fastly-plugin-1-2-25-broken-access-control-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 1.2.26 or a higher version."
}
],
"value": "Update to 1.2.26 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Fastly plugin \u003c= 1.2.25 - Broken Access Control vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-34768",
"datePublished": "2024-06-11T16:42:16.302Z",
"dateReserved": "2024-05-08T12:03:07.439Z",
"dateUpdated": "2024-08-02T02:59:22.617Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-34803 (GCVE-0-2024-34803)
Vulnerability from nvd – Published: 2024-06-03 10:18 – Updated: 2024-08-02 02:59
VLAI?
Summary
Missing Authorization vulnerability in Fastly.This issue affects Fastly: from n/a through 1.2.25.
Severity ?
4.3 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
| URL | Tags | |
|---|---|---|
Credits
Majed Refaea (Patchstack Alliance)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-34803",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-03T15:11:18.743240Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:40:59.455Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:59:22.611Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/fastly/wordpress-fastly-plugin-1-2-25-broken-access-control-vulnerability-2?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "fastly",
"product": "Fastly",
"vendor": "Fastly",
"versions": [
{
"changes": [
{
"at": "1.2.26",
"status": "unaffected"
}
],
"lessThanOrEqual": "1.2.25",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Majed Refaea (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authorization vulnerability in Fastly.\u003cp\u003eThis issue affects Fastly: from n/a through 1.2.25.\u003c/p\u003e"
}
],
"value": "Missing Authorization vulnerability in Fastly.This issue affects Fastly: from n/a through 1.2.25."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "Broken Access Control"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-03T10:18:56.905Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/fastly/wordpress-fastly-plugin-1-2-25-broken-access-control-vulnerability-2?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 1.2.26 or a higher version."
}
],
"value": "Update to 1.2.26 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Fastly plugin \u003c= 1.2.25 - Broken Access Control vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-34803",
"datePublished": "2024-06-03T10:18:56.905Z",
"dateReserved": "2024-05-09T12:14:23.897Z",
"dateUpdated": "2024-08-02T02:59:22.611Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-10094 (GCVE-0-2015-10094)
Vulnerability from nvd – Published: 2023-03-06 14:31 – Updated: 2024-08-06 08:58
VLAI?
Summary
A vulnerability was found in Fastly Plugin up to 0.97 on WordPress. It has been rated as problematic. Affected by this issue is the function post of the file lib/api.php. The manipulation of the argument url leads to cross site scripting. The attack may be launched remotely. Upgrading to version 0.98 is able to address this issue. The patch is identified as d7fe42538f4d4af500e3af9678b6b06fba731656. It is recommended to upgrade the affected component. VDB-222326 is the identifier assigned to this vulnerability.
Severity ?
CWE
- CWE-79 - Cross Site Scripting
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Fastly Plugin |
Affected:
0.1
Affected: 0.2 Affected: 0.3 Affected: 0.4 Affected: 0.5 Affected: 0.6 Affected: 0.7 Affected: 0.8 Affected: 0.9 Affected: 0.10 Affected: 0.11 Affected: 0.12 Affected: 0.13 Affected: 0.14 Affected: 0.15 Affected: 0.16 Affected: 0.17 Affected: 0.18 Affected: 0.19 Affected: 0.20 Affected: 0.21 Affected: 0.22 Affected: 0.23 Affected: 0.24 Affected: 0.25 Affected: 0.26 Affected: 0.27 Affected: 0.28 Affected: 0.29 Affected: 0.30 Affected: 0.31 Affected: 0.32 Affected: 0.33 Affected: 0.34 Affected: 0.35 Affected: 0.36 Affected: 0.37 Affected: 0.38 Affected: 0.39 Affected: 0.40 Affected: 0.41 Affected: 0.42 Affected: 0.43 Affected: 0.44 Affected: 0.45 Affected: 0.46 Affected: 0.47 Affected: 0.48 Affected: 0.49 Affected: 0.50 Affected: 0.51 Affected: 0.52 Affected: 0.53 Affected: 0.54 Affected: 0.55 Affected: 0.56 Affected: 0.57 Affected: 0.58 Affected: 0.59 Affected: 0.60 Affected: 0.61 Affected: 0.62 Affected: 0.63 Affected: 0.64 Affected: 0.65 Affected: 0.66 Affected: 0.67 Affected: 0.68 Affected: 0.69 Affected: 0.70 Affected: 0.71 Affected: 0.72 Affected: 0.73 Affected: 0.74 Affected: 0.75 Affected: 0.76 Affected: 0.77 Affected: 0.78 Affected: 0.79 Affected: 0.80 Affected: 0.81 Affected: 0.82 Affected: 0.83 Affected: 0.84 Affected: 0.85 Affected: 0.86 Affected: 0.87 Affected: 0.88 Affected: 0.89 Affected: 0.90 Affected: 0.91 Affected: 0.92 Affected: 0.93 Affected: 0.94 Affected: 0.95 Affected: 0.96 Affected: 0.97 |
Credits
VulDB GitHub Commit Analyzer
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:58:26.373Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.222326"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.222326"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/wp-plugins/fastly/commit/d7fe42538f4d4af500e3af9678b6b06fba731656"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/wp-plugins/fastly/releases/tag/0.98"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Fastly Plugin",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "0.1"
},
{
"status": "affected",
"version": "0.2"
},
{
"status": "affected",
"version": "0.3"
},
{
"status": "affected",
"version": "0.4"
},
{
"status": "affected",
"version": "0.5"
},
{
"status": "affected",
"version": "0.6"
},
{
"status": "affected",
"version": "0.7"
},
{
"status": "affected",
"version": "0.8"
},
{
"status": "affected",
"version": "0.9"
},
{
"status": "affected",
"version": "0.10"
},
{
"status": "affected",
"version": "0.11"
},
{
"status": "affected",
"version": "0.12"
},
{
"status": "affected",
"version": "0.13"
},
{
"status": "affected",
"version": "0.14"
},
{
"status": "affected",
"version": "0.15"
},
{
"status": "affected",
"version": "0.16"
},
{
"status": "affected",
"version": "0.17"
},
{
"status": "affected",
"version": "0.18"
},
{
"status": "affected",
"version": "0.19"
},
{
"status": "affected",
"version": "0.20"
},
{
"status": "affected",
"version": "0.21"
},
{
"status": "affected",
"version": "0.22"
},
{
"status": "affected",
"version": "0.23"
},
{
"status": "affected",
"version": "0.24"
},
{
"status": "affected",
"version": "0.25"
},
{
"status": "affected",
"version": "0.26"
},
{
"status": "affected",
"version": "0.27"
},
{
"status": "affected",
"version": "0.28"
},
{
"status": "affected",
"version": "0.29"
},
{
"status": "affected",
"version": "0.30"
},
{
"status": "affected",
"version": "0.31"
},
{
"status": "affected",
"version": "0.32"
},
{
"status": "affected",
"version": "0.33"
},
{
"status": "affected",
"version": "0.34"
},
{
"status": "affected",
"version": "0.35"
},
{
"status": "affected",
"version": "0.36"
},
{
"status": "affected",
"version": "0.37"
},
{
"status": "affected",
"version": "0.38"
},
{
"status": "affected",
"version": "0.39"
},
{
"status": "affected",
"version": "0.40"
},
{
"status": "affected",
"version": "0.41"
},
{
"status": "affected",
"version": "0.42"
},
{
"status": "affected",
"version": "0.43"
},
{
"status": "affected",
"version": "0.44"
},
{
"status": "affected",
"version": "0.45"
},
{
"status": "affected",
"version": "0.46"
},
{
"status": "affected",
"version": "0.47"
},
{
"status": "affected",
"version": "0.48"
},
{
"status": "affected",
"version": "0.49"
},
{
"status": "affected",
"version": "0.50"
},
{
"status": "affected",
"version": "0.51"
},
{
"status": "affected",
"version": "0.52"
},
{
"status": "affected",
"version": "0.53"
},
{
"status": "affected",
"version": "0.54"
},
{
"status": "affected",
"version": "0.55"
},
{
"status": "affected",
"version": "0.56"
},
{
"status": "affected",
"version": "0.57"
},
{
"status": "affected",
"version": "0.58"
},
{
"status": "affected",
"version": "0.59"
},
{
"status": "affected",
"version": "0.60"
},
{
"status": "affected",
"version": "0.61"
},
{
"status": "affected",
"version": "0.62"
},
{
"status": "affected",
"version": "0.63"
},
{
"status": "affected",
"version": "0.64"
},
{
"status": "affected",
"version": "0.65"
},
{
"status": "affected",
"version": "0.66"
},
{
"status": "affected",
"version": "0.67"
},
{
"status": "affected",
"version": "0.68"
},
{
"status": "affected",
"version": "0.69"
},
{
"status": "affected",
"version": "0.70"
},
{
"status": "affected",
"version": "0.71"
},
{
"status": "affected",
"version": "0.72"
},
{
"status": "affected",
"version": "0.73"
},
{
"status": "affected",
"version": "0.74"
},
{
"status": "affected",
"version": "0.75"
},
{
"status": "affected",
"version": "0.76"
},
{
"status": "affected",
"version": "0.77"
},
{
"status": "affected",
"version": "0.78"
},
{
"status": "affected",
"version": "0.79"
},
{
"status": "affected",
"version": "0.80"
},
{
"status": "affected",
"version": "0.81"
},
{
"status": "affected",
"version": "0.82"
},
{
"status": "affected",
"version": "0.83"
},
{
"status": "affected",
"version": "0.84"
},
{
"status": "affected",
"version": "0.85"
},
{
"status": "affected",
"version": "0.86"
},
{
"status": "affected",
"version": "0.87"
},
{
"status": "affected",
"version": "0.88"
},
{
"status": "affected",
"version": "0.89"
},
{
"status": "affected",
"version": "0.90"
},
{
"status": "affected",
"version": "0.91"
},
{
"status": "affected",
"version": "0.92"
},
{
"status": "affected",
"version": "0.93"
},
{
"status": "affected",
"version": "0.94"
},
{
"status": "affected",
"version": "0.95"
},
{
"status": "affected",
"version": "0.96"
},
{
"status": "affected",
"version": "0.97"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "tool",
"value": "VulDB GitHub Commit Analyzer"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Fastly Plugin up to 0.97 on WordPress. It has been rated as problematic. Affected by this issue is the function post of the file lib/api.php. The manipulation of the argument url leads to cross site scripting. The attack may be launched remotely. Upgrading to version 0.98 is able to address this issue. The patch is identified as d7fe42538f4d4af500e3af9678b6b06fba731656. It is recommended to upgrade the affected component. VDB-222326 is the identifier assigned to this vulnerability."
},
{
"lang": "de",
"value": "Eine problematische Schwachstelle wurde in Fastly Plugin bis 0.97 f\u00fcr WordPress ausgemacht. Es geht hierbei um die Funktion post der Datei lib/api.php. Mittels dem Manipulieren des Arguments url mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Ein Aktualisieren auf die Version 0.98 vermag dieses Problem zu l\u00f6sen. Der Patch wird als d7fe42538f4d4af500e3af9678b6b06fba731656 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 3.3,
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-20T09:13:31.518Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.222326"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.222326"
},
{
"tags": [
"patch"
],
"url": "https://github.com/wp-plugins/fastly/commit/d7fe42538f4d4af500e3af9678b6b06fba731656"
},
{
"tags": [
"patch"
],
"url": "https://github.com/wp-plugins/fastly/releases/tag/0.98"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-03-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-03-04T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2023-03-04T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-03-31T13:27:52.000Z",
"value": "VulDB entry last update"
}
],
"title": "Fastly Plugin api.php post cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2015-10094",
"datePublished": "2023-03-06T14:31:04.388Z",
"dateReserved": "2023-03-04T15:23:20.129Z",
"dateUpdated": "2024-08-06T08:58:26.373Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-13761 (GCVE-0-2017-13761)
Vulnerability from nvd – Published: 2017-09-14 17:00 – Updated: 2024-08-05 19:05
VLAI?
Summary
The Fastly CDN module before 1.2.26 for Magento2, when used with a third-party authentication plugin, might allow remote authenticated users to obtain sensitive information from authenticated sessions via vectors involving caching of redirect responses.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:05:20.321Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.fastly.com/security-advisories/vulnerability-fastly-open-source-cdn-module-intended-be-integrated-magento2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-09-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Fastly CDN module before 1.2.26 for Magento2, when used with a third-party authentication plugin, might allow remote authenticated users to obtain sensitive information from authenticated sessions via vectors involving caching of redirect responses."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T17:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.fastly.com/security-advisories/vulnerability-fastly-open-source-cdn-module-intended-be-integrated-magento2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-13761",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Fastly CDN module before 1.2.26 for Magento2, when used with a third-party authentication plugin, might allow remote authenticated users to obtain sensitive information from authenticated sessions via vectors involving caching of redirect responses."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.fastly.com/security-advisories/vulnerability-fastly-open-source-cdn-module-intended-be-integrated-magento2",
"refsource": "CONFIRM",
"url": "https://www.fastly.com/security-advisories/vulnerability-fastly-open-source-cdn-module-intended-be-integrated-magento2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-13761",
"datePublished": "2017-09-14T17:00:00",
"dateReserved": "2017-08-29T00:00:00",
"dateUpdated": "2024-08-05T19:05:20.321Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
FKIE_CVE-2015-10094
Vulnerability from fkie_nvd - Published: 2023-03-06 15:15 - Updated: 2024-11-21 02:24
Severity ?
2.4 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability was found in Fastly Plugin up to 0.97 on WordPress. It has been rated as problematic. Affected by this issue is the function post of the file lib/api.php. The manipulation of the argument url leads to cross site scripting. The attack may be launched remotely. Upgrading to version 0.98 is able to address this issue. The patch is identified as d7fe42538f4d4af500e3af9678b6b06fba731656. It is recommended to upgrade the affected component. VDB-222326 is the identifier assigned to this vulnerability.
References
| URL | Tags | ||
|---|---|---|---|
| cna@vuldb.com | https://github.com/wp-plugins/fastly/commit/d7fe42538f4d4af500e3af9678b6b06fba731656 | Patch | |
| cna@vuldb.com | https://github.com/wp-plugins/fastly/releases/tag/0.98 | Release Notes | |
| cna@vuldb.com | https://vuldb.com/?ctiid.222326 | Permissions Required, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?id.222326 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wp-plugins/fastly/commit/d7fe42538f4d4af500e3af9678b6b06fba731656 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wp-plugins/fastly/releases/tag/0.98 | Release Notes | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?ctiid.222326 | Permissions Required, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.222326 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fastly:fastly:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "5DE29868-D735-4322-AD33-FA78B226E43E",
"versionEndExcluding": "0.98",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Fastly Plugin up to 0.97 on WordPress. It has been rated as problematic. Affected by this issue is the function post of the file lib/api.php. The manipulation of the argument url leads to cross site scripting. The attack may be launched remotely. Upgrading to version 0.98 is able to address this issue. The patch is identified as d7fe42538f4d4af500e3af9678b6b06fba731656. It is recommended to upgrade the affected component. VDB-222326 is the identifier assigned to this vulnerability."
}
],
"id": "CVE-2015-10094",
"lastModified": "2024-11-21T02:24:21.983",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "MULTIPLE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.4,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.4,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 1.4,
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-03-06T15:15:09.863",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Patch"
],
"url": "https://github.com/wp-plugins/fastly/commit/d7fe42538f4d4af500e3af9678b6b06fba731656"
},
{
"source": "cna@vuldb.com",
"tags": [
"Release Notes"
],
"url": "https://github.com/wp-plugins/fastly/releases/tag/0.98"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
],
"url": "https://vuldb.com/?ctiid.222326"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
],
"url": "https://vuldb.com/?id.222326"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/wp-plugins/fastly/commit/d7fe42538f4d4af500e3af9678b6b06fba731656"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://github.com/wp-plugins/fastly/releases/tag/0.98"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Third Party Advisory"
],
"url": "https://vuldb.com/?ctiid.222326"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://vuldb.com/?id.222326"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "cna@vuldb.com",
"type": "Primary"
}
]
}
FKIE_CVE-2017-13761
Vulnerability from fkie_nvd - Published: 2017-09-14 17:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
The Fastly CDN module before 1.2.26 for Magento2, when used with a third-party authentication plugin, might allow remote authenticated users to obtain sensitive information from authenticated sessions via vectors involving caching of redirect responses.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fastly:fastly:*:*:*:*:*:magento2:*:*",
"matchCriteriaId": "463D605D-AA80-42EC-B62F-EEA143F7D998",
"versionEndIncluding": "1.2.25",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Fastly CDN module before 1.2.26 for Magento2, when used with a third-party authentication plugin, might allow remote authenticated users to obtain sensitive information from authenticated sessions via vectors involving caching of redirect responses."
},
{
"lang": "es",
"value": "El m\u00f3dulo Fastly de red de entrega de contenidos (CDN) en versiones anteriores a la 1.2.26 para Magento2, cuando se utiliza con un plugin de autenticaci\u00f3n de un tercero, podr\u00eda permitir que usuarios remotos autenticados obtengan informaci\u00f3n sensible de sesiones autenticadas mediante vectores que implican el almacenamiento de respuestas redireccionadas en cach\u00e9."
}
],
"id": "CVE-2017-13761",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-09-14T17:29:00.180",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.fastly.com/security-advisories/vulnerability-fastly-open-source-cdn-module-intended-be-integrated-magento2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.fastly.com/security-advisories/vulnerability-fastly-open-source-cdn-module-intended-be-integrated-magento2"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}