CVE-2024-12314

The Rapid Cache plugin for WordPress is vulnerable to Cache Poisoning in all versions up to, and including, 1.2.3. This is due to plugin storing HTTP headers in the cached data. This makes it possible for unauthenticated attackers to poison the cache with custom HTTP headers that may be unsanitized which can lead to Cross-Site Scripting.

CVSS v3 7.2 HIGH

7.2^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://wordpress.org/plugins/rapid-cache/	Product
https://www.wordfence.com/threat-intel/vulnerabilities/id/72b777ac-1870-4588-82fe-da96a784ec81?source=cve	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:megaoptim:rapid_cache:*:*:*:*:*:wordpress:*:*

History

No history.

Information

Published : 2025-02-18 05:15

Updated : 2025-02-24 12:40

NVD link : CVE-2024-12314

Mitre link : CVE-2024-12314

CVE.ORG link : CVE-2024-12314

JSON object : View

Products Affected

megaoptim

rapid_cache

CWE

CWE-524

Use of Cache Containing Sensitive Information

NVD-CWE-Other

{"id": "CVE-2024-12314", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 3.9}]}, "published": "2025-02-18T05:15:09.987", "references": [{"url": "https://wordpress.org/plugins/rapid-cache/", "tags": ["Product"], "source": "[email protected]"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/72b777ac-1870-4588-82fe-da96a784ec81?source=cve", "tags": ["Third Party Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-524"}]}, {"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The Rapid Cache plugin for WordPress is vulnerable to Cache Poisoning in all versions up to, and including, 1.2.3. This is due to plugin storing HTTP headers in the cached data. This makes it possible for unauthenticated attackers to poison the cache with custom HTTP headers that may be unsanitized which can lead to Cross-Site Scripting."}, {"lang": "es", "value": "El complemento Rapid Cache para WordPress es vulnerable al envenenamiento de cach\u00e9 en todas las versiones hasta 1.2.3 incluida. Esto se debe al complemento que almacena los encabezados HTTP en los datos en cach\u00e9. Esto hace posible que los atacantes no autenticados envenenen el cach\u00e9 con encabezados HTTP personalizados que pueden ser no depurados, lo que puede conducir a Cross-Site Scripting."}], "lastModified": "2025-02-24T12:40:54.730", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:megaoptim:rapid_cache:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "AEB51662-7A53-4177-90EA-6A8D40DC05B3", "versionEndIncluding": "1.2.3"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}