CVE-2025-10583 in WP Fastest Cache Plugin
Summary
by MITRE • 12/12/2025
The WP Fastest Cache plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.7.4 via the 'get_server_time_ajax_request' AJAX action. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Analysis
by VulDB Data Team • 12/12/2025
The WP Fastest Cache plugin represents a widely used caching solution for wordpress websites, designed to improve performance by storing and serving cached versions of web pages. This particular vulnerability affects all versions up to and including 1.7.4, creating a significant security risk for wordpress installations that rely on this plugin for performance optimization. The vulnerability manifests through the 'get_server_time_ajax_request' AJAX action which processes requests from authenticated users without proper validation of destination URLs. This flaw allows attackers with subscriber-level privileges or higher to exploit the plugin's functionality to make unauthorized server-side requests to any network location that the web application can reach.
The technical implementation of this vulnerability stems from insufficient input validation and sanitization within the AJAX handler. When an authenticated user submits a request to the 'get_server_time_ajax_request' endpoint, the plugin fails to properly validate the target URL or destination address. This lack of validation creates a server-side request forgery condition where the web application itself becomes an unwitting proxy for malicious requests. The vulnerability is particularly concerning because it operates at the server level, allowing attackers to leverage the web server's network permissions and potentially access internal services that would normally be protected by network segmentation or firewall rules. The authenticated nature of the attack means that an attacker does not need to be a privileged user to exploit this vulnerability, as even basic subscriber accounts can trigger the malicious requests.
The operational impact of this vulnerability extends beyond simple data exfiltration or service disruption. Attackers can use this vector to enumerate internal services, probe network configurations, and potentially access sensitive information from systems that are normally isolated from public internet access. The vulnerability enables attackers to perform reconnaissance on internal network infrastructure, potentially identifying other vulnerable systems or services that could be targeted in subsequent attacks. Additionally, the ability to make requests to arbitrary locations means that attackers could potentially use this vulnerability to perform actions such as modifying internal service configurations or accessing administrative interfaces that are protected by the web application's network position. This makes the vulnerability particularly dangerous in environments where the web application has access to internal services or databases that are not exposed to external networks.
Organizations should immediately update to the latest version of the WP Fastest Cache plugin to remediate this vulnerability, as no effective workarounds exist for the specific flaw in the AJAX handler. The vulnerability aligns with CWE-918, which describes server-side request forgery vulnerabilities where applications fail to validate or sanitize URLs used in server-side requests. From an attack perspective, this vulnerability maps to techniques described in the ATT&CK framework under T1071.004 for application layer protocol: DNS and T1046 for network service scanning, as attackers would likely use this vulnerability to discover and probe internal services. Security teams should monitor for unusual outbound network requests originating from their web applications and implement network-level restrictions to prevent internal service access from external-facing web servers. The vulnerability also highlights the importance of validating all inputs in AJAX endpoints and implementing proper access controls for authenticated functionality to prevent privilege escalation through malicious request manipulation.