CVE-2024-12314

{"id": "CVE-2024-12314", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security@wordfence.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 3.9}]}, "published": "2025-02-18T05:15:09.987", "references": [{"url": "https://wordpress.org/plugins/rapid-cache/", "tags": ["Product"], "source": "security@wordfence.com"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/72b777ac-1870-4588-82fe-da96a784ec81?source=cve", "tags": ["Third Party Advisory"], "source": "security@wordfence.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security@wordfence.com", "description": [{"lang": "en", "value": "CWE-524"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The Rapid Cache plugin for WordPress is vulnerable to Cache Poisoning in all versions up to, and including, 1.2.3. This is due to plugin storing HTTP headers in the cached data. This makes it possible for unauthenticated attackers to poison the cache with custom HTTP headers that may be unsanitized which can lead to Cross-Site Scripting."}, {"lang": "es", "value": "El complemento Rapid Cache para WordPress es vulnerable al envenenamiento de cach\u00e9 en todas las versiones hasta 1.2.3 incluida. Esto se debe al complemento que almacena los encabezados HTTP en los datos en cach\u00e9. Esto hace posible que los atacantes no autenticados envenenen el cach\u00e9 con encabezados HTTP personalizados que pueden ser no depurados, lo que puede conducir a Cross-Site Scripting."}], "lastModified": "2025-02-24T12:40:54.730", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:megaoptim:rapid_cache:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "AEB51662-7A53-4177-90EA-6A8D40DC05B3", "versionEndIncluding": "1.2.3"}], "operator": "OR"}]}], "sourceIdentifier": "security@wordfence.com"}