Search criteria
1 vulnerability by megaoptim
CVE-2024-12314 (GCVE-0-2024-12314)
Vulnerability from cvelistv5 – Published: 2025-02-18 04:21 – Updated: 2025-02-18 17:07
VLAI?
Title
Rapid Cache <= 1.2.3 - Unauthenticated Cache Poisoning
Summary
The Rapid Cache plugin for WordPress is vulnerable to Cache Poisoning in all versions up to, and including, 1.2.3. This is due to plugin storing HTTP headers in the cached data. This makes it possible for unauthenticated attackers to poison the cache with custom HTTP headers that may be unsanitized which can lead to Cross-Site Scripting.
Severity ?
7.2 (High)
CWE
- CWE-524 - Use of Cache Containing Sensitive Information
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| megaoptim | Rapid Cache |
Affected:
* , ≤ 1.2.3
(semver)
|
Credits
Joshua Provoste
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12314",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-18T14:25:11.333775Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-18T17:07:04.172Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Rapid Cache",
"vendor": "megaoptim",
"versions": [
{
"lessThanOrEqual": "1.2.3",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Joshua Provoste"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Rapid Cache plugin for WordPress is vulnerable to Cache Poisoning in all versions up to, and including, 1.2.3. This is due to plugin storing HTTP headers in the cached data. This makes it possible for unauthenticated attackers to poison the cache with custom HTTP headers that may be unsanitized which can lead to Cross-Site Scripting."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-524",
"description": "CWE-524 Use of Cache Containing Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-18T04:21:17.575Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/72b777ac-1870-4588-82fe-da96a784ec81?source=cve"
},
{
"url": "https://wordpress.org/plugins/rapid-cache/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-02-17T15:43:06.000+00:00",
"value": "Disclosed"
}
],
"title": "Rapid Cache \u003c= 1.2.3 - Unauthenticated Cache Poisoning"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-12314",
"datePublished": "2025-02-18T04:21:17.575Z",
"dateReserved": "2024-12-06T15:59:17.996Z",
"dateUpdated": "2025-02-18T17:07:04.172Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}