Search criteria
10 vulnerabilities found for Fastly by Fastly
CVE-2025-58199 (GCVE-0-2025-58199)
Vulnerability from nvd – Published: 2025-09-22 18:23 – Updated: 2025-09-23 16:10
VLAI?
Title
WordPress Fastly Plugin <= 1.2.28 - Cross Site Request Forgery (CSRF) Vulnerability
Summary
Cross-Site Request Forgery (CSRF) vulnerability in Fastly Fastly allows Cross Site Request Forgery. This issue affects Fastly: from n/a through 1.2.28.
Severity ?
4.3 (Medium)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
| URL | Tags | |
|---|---|---|
Credits
Nabil Irawan (Patchstack Alliance)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-58199",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-23T15:55:17.079695Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-23T16:10:31.251Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "fastly",
"product": "Fastly",
"vendor": "Fastly",
"versions": [
{
"lessThanOrEqual": "1.2.28",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Nabil Irawan (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eCross-Site Request Forgery (CSRF) vulnerability in Fastly Fastly allows Cross Site Request Forgery.\u003c/p\u003e\u003cp\u003eThis issue affects Fastly: from n/a through 1.2.28.\u003c/p\u003e"
}
],
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Fastly Fastly allows Cross Site Request Forgery. This issue affects Fastly: from n/a through 1.2.28."
}
],
"impacts": [
{
"capecId": "CAPEC-62",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-62 Cross Site Request Forgery"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-22T18:23:51.395Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/wordpress/plugin/fastly/vulnerability/wordpress-fastly-plugin-1-2-28-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Fastly Plugin \u003c= 1.2.28 - Cross Site Request Forgery (CSRF) Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-58199",
"datePublished": "2025-09-22T18:23:51.395Z",
"dateReserved": "2025-08-27T16:18:58.324Z",
"dateUpdated": "2025-09-23T16:10:31.251Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-34768 (GCVE-0-2024-34768)
Vulnerability from nvd – Published: 2024-06-11 16:42 – Updated: 2024-08-02 02:59
VLAI?
Title
WordPress Fastly plugin <= 1.2.25 - Broken Access Control vulnerability
Summary
Missing Authorization vulnerability in Fastly.This issue affects Fastly: from n/a through 1.2.25.
Severity ?
5.3 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
| URL | Tags | |
|---|---|---|
Credits
Joshua Chan (Patchstack Alliance)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-34768",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-14T16:42:39.650690Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-14T16:43:03.047Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:59:22.617Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/fastly/wordpress-fastly-plugin-1-2-25-broken-access-control-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "fastly",
"product": "Fastly",
"vendor": "Fastly",
"versions": [
{
"changes": [
{
"at": "1.2.26",
"status": "unaffected"
}
],
"lessThanOrEqual": "1.2.25",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Joshua Chan (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authorization vulnerability in Fastly.\u003cp\u003eThis issue affects Fastly: from n/a through 1.2.25.\u003c/p\u003e"
}
],
"value": "Missing Authorization vulnerability in Fastly.This issue affects Fastly: from n/a through 1.2.25."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-11T16:42:16.302Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/fastly/wordpress-fastly-plugin-1-2-25-broken-access-control-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 1.2.26 or a higher version."
}
],
"value": "Update to 1.2.26 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Fastly plugin \u003c= 1.2.25 - Broken Access Control vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-34768",
"datePublished": "2024-06-11T16:42:16.302Z",
"dateReserved": "2024-05-08T12:03:07.439Z",
"dateUpdated": "2024-08-02T02:59:22.617Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-34803 (GCVE-0-2024-34803)
Vulnerability from nvd – Published: 2024-06-03 10:18 – Updated: 2024-08-02 02:59
VLAI?
Title
WordPress Fastly plugin <= 1.2.25 - Broken Access Control vulnerability
Summary
Missing Authorization vulnerability in Fastly.This issue affects Fastly: from n/a through 1.2.25.
Severity ?
4.3 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
| URL | Tags | |
|---|---|---|
Credits
Majed Refaea (Patchstack Alliance)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-34803",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-03T15:11:18.743240Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:40:59.455Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:59:22.611Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/fastly/wordpress-fastly-plugin-1-2-25-broken-access-control-vulnerability-2?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "fastly",
"product": "Fastly",
"vendor": "Fastly",
"versions": [
{
"changes": [
{
"at": "1.2.26",
"status": "unaffected"
}
],
"lessThanOrEqual": "1.2.25",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Majed Refaea (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authorization vulnerability in Fastly.\u003cp\u003eThis issue affects Fastly: from n/a through 1.2.25.\u003c/p\u003e"
}
],
"value": "Missing Authorization vulnerability in Fastly.This issue affects Fastly: from n/a through 1.2.25."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "Broken Access Control"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-03T10:18:56.905Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/fastly/wordpress-fastly-plugin-1-2-25-broken-access-control-vulnerability-2?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 1.2.26 or a higher version."
}
],
"value": "Update to 1.2.26 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Fastly plugin \u003c= 1.2.25 - Broken Access Control vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-34803",
"datePublished": "2024-06-03T10:18:56.905Z",
"dateReserved": "2024-05-09T12:14:23.897Z",
"dateUpdated": "2024-08-02T02:59:22.611Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-10094 (GCVE-0-2015-10094)
Vulnerability from nvd – Published: 2023-03-06 14:31 – Updated: 2024-08-06 08:58
VLAI?
Title
Fastly Plugin api.php post cross site scripting
Summary
A vulnerability was found in Fastly Plugin up to 0.97 on WordPress. It has been rated as problematic. Affected by this issue is the function post of the file lib/api.php. The manipulation of the argument url leads to cross site scripting. The attack may be launched remotely. Upgrading to version 0.98 is able to address this issue. The patch is identified as d7fe42538f4d4af500e3af9678b6b06fba731656. It is recommended to upgrade the affected component. VDB-222326 is the identifier assigned to this vulnerability.
Severity ?
CWE
- CWE-79 - Cross Site Scripting
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Fastly Plugin |
Affected:
0.1
Affected: 0.2 Affected: 0.3 Affected: 0.4 Affected: 0.5 Affected: 0.6 Affected: 0.7 Affected: 0.8 Affected: 0.9 Affected: 0.10 Affected: 0.11 Affected: 0.12 Affected: 0.13 Affected: 0.14 Affected: 0.15 Affected: 0.16 Affected: 0.17 Affected: 0.18 Affected: 0.19 Affected: 0.20 Affected: 0.21 Affected: 0.22 Affected: 0.23 Affected: 0.24 Affected: 0.25 Affected: 0.26 Affected: 0.27 Affected: 0.28 Affected: 0.29 Affected: 0.30 Affected: 0.31 Affected: 0.32 Affected: 0.33 Affected: 0.34 Affected: 0.35 Affected: 0.36 Affected: 0.37 Affected: 0.38 Affected: 0.39 Affected: 0.40 Affected: 0.41 Affected: 0.42 Affected: 0.43 Affected: 0.44 Affected: 0.45 Affected: 0.46 Affected: 0.47 Affected: 0.48 Affected: 0.49 Affected: 0.50 Affected: 0.51 Affected: 0.52 Affected: 0.53 Affected: 0.54 Affected: 0.55 Affected: 0.56 Affected: 0.57 Affected: 0.58 Affected: 0.59 Affected: 0.60 Affected: 0.61 Affected: 0.62 Affected: 0.63 Affected: 0.64 Affected: 0.65 Affected: 0.66 Affected: 0.67 Affected: 0.68 Affected: 0.69 Affected: 0.70 Affected: 0.71 Affected: 0.72 Affected: 0.73 Affected: 0.74 Affected: 0.75 Affected: 0.76 Affected: 0.77 Affected: 0.78 Affected: 0.79 Affected: 0.80 Affected: 0.81 Affected: 0.82 Affected: 0.83 Affected: 0.84 Affected: 0.85 Affected: 0.86 Affected: 0.87 Affected: 0.88 Affected: 0.89 Affected: 0.90 Affected: 0.91 Affected: 0.92 Affected: 0.93 Affected: 0.94 Affected: 0.95 Affected: 0.96 Affected: 0.97 |
Credits
VulDB GitHub Commit Analyzer
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:58:26.373Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.222326"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.222326"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/wp-plugins/fastly/commit/d7fe42538f4d4af500e3af9678b6b06fba731656"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/wp-plugins/fastly/releases/tag/0.98"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Fastly Plugin",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "0.1"
},
{
"status": "affected",
"version": "0.2"
},
{
"status": "affected",
"version": "0.3"
},
{
"status": "affected",
"version": "0.4"
},
{
"status": "affected",
"version": "0.5"
},
{
"status": "affected",
"version": "0.6"
},
{
"status": "affected",
"version": "0.7"
},
{
"status": "affected",
"version": "0.8"
},
{
"status": "affected",
"version": "0.9"
},
{
"status": "affected",
"version": "0.10"
},
{
"status": "affected",
"version": "0.11"
},
{
"status": "affected",
"version": "0.12"
},
{
"status": "affected",
"version": "0.13"
},
{
"status": "affected",
"version": "0.14"
},
{
"status": "affected",
"version": "0.15"
},
{
"status": "affected",
"version": "0.16"
},
{
"status": "affected",
"version": "0.17"
},
{
"status": "affected",
"version": "0.18"
},
{
"status": "affected",
"version": "0.19"
},
{
"status": "affected",
"version": "0.20"
},
{
"status": "affected",
"version": "0.21"
},
{
"status": "affected",
"version": "0.22"
},
{
"status": "affected",
"version": "0.23"
},
{
"status": "affected",
"version": "0.24"
},
{
"status": "affected",
"version": "0.25"
},
{
"status": "affected",
"version": "0.26"
},
{
"status": "affected",
"version": "0.27"
},
{
"status": "affected",
"version": "0.28"
},
{
"status": "affected",
"version": "0.29"
},
{
"status": "affected",
"version": "0.30"
},
{
"status": "affected",
"version": "0.31"
},
{
"status": "affected",
"version": "0.32"
},
{
"status": "affected",
"version": "0.33"
},
{
"status": "affected",
"version": "0.34"
},
{
"status": "affected",
"version": "0.35"
},
{
"status": "affected",
"version": "0.36"
},
{
"status": "affected",
"version": "0.37"
},
{
"status": "affected",
"version": "0.38"
},
{
"status": "affected",
"version": "0.39"
},
{
"status": "affected",
"version": "0.40"
},
{
"status": "affected",
"version": "0.41"
},
{
"status": "affected",
"version": "0.42"
},
{
"status": "affected",
"version": "0.43"
},
{
"status": "affected",
"version": "0.44"
},
{
"status": "affected",
"version": "0.45"
},
{
"status": "affected",
"version": "0.46"
},
{
"status": "affected",
"version": "0.47"
},
{
"status": "affected",
"version": "0.48"
},
{
"status": "affected",
"version": "0.49"
},
{
"status": "affected",
"version": "0.50"
},
{
"status": "affected",
"version": "0.51"
},
{
"status": "affected",
"version": "0.52"
},
{
"status": "affected",
"version": "0.53"
},
{
"status": "affected",
"version": "0.54"
},
{
"status": "affected",
"version": "0.55"
},
{
"status": "affected",
"version": "0.56"
},
{
"status": "affected",
"version": "0.57"
},
{
"status": "affected",
"version": "0.58"
},
{
"status": "affected",
"version": "0.59"
},
{
"status": "affected",
"version": "0.60"
},
{
"status": "affected",
"version": "0.61"
},
{
"status": "affected",
"version": "0.62"
},
{
"status": "affected",
"version": "0.63"
},
{
"status": "affected",
"version": "0.64"
},
{
"status": "affected",
"version": "0.65"
},
{
"status": "affected",
"version": "0.66"
},
{
"status": "affected",
"version": "0.67"
},
{
"status": "affected",
"version": "0.68"
},
{
"status": "affected",
"version": "0.69"
},
{
"status": "affected",
"version": "0.70"
},
{
"status": "affected",
"version": "0.71"
},
{
"status": "affected",
"version": "0.72"
},
{
"status": "affected",
"version": "0.73"
},
{
"status": "affected",
"version": "0.74"
},
{
"status": "affected",
"version": "0.75"
},
{
"status": "affected",
"version": "0.76"
},
{
"status": "affected",
"version": "0.77"
},
{
"status": "affected",
"version": "0.78"
},
{
"status": "affected",
"version": "0.79"
},
{
"status": "affected",
"version": "0.80"
},
{
"status": "affected",
"version": "0.81"
},
{
"status": "affected",
"version": "0.82"
},
{
"status": "affected",
"version": "0.83"
},
{
"status": "affected",
"version": "0.84"
},
{
"status": "affected",
"version": "0.85"
},
{
"status": "affected",
"version": "0.86"
},
{
"status": "affected",
"version": "0.87"
},
{
"status": "affected",
"version": "0.88"
},
{
"status": "affected",
"version": "0.89"
},
{
"status": "affected",
"version": "0.90"
},
{
"status": "affected",
"version": "0.91"
},
{
"status": "affected",
"version": "0.92"
},
{
"status": "affected",
"version": "0.93"
},
{
"status": "affected",
"version": "0.94"
},
{
"status": "affected",
"version": "0.95"
},
{
"status": "affected",
"version": "0.96"
},
{
"status": "affected",
"version": "0.97"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "tool",
"value": "VulDB GitHub Commit Analyzer"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Fastly Plugin up to 0.97 on WordPress. It has been rated as problematic. Affected by this issue is the function post of the file lib/api.php. The manipulation of the argument url leads to cross site scripting. The attack may be launched remotely. Upgrading to version 0.98 is able to address this issue. The patch is identified as d7fe42538f4d4af500e3af9678b6b06fba731656. It is recommended to upgrade the affected component. VDB-222326 is the identifier assigned to this vulnerability."
},
{
"lang": "de",
"value": "Eine problematische Schwachstelle wurde in Fastly Plugin bis 0.97 f\u00fcr WordPress ausgemacht. Es geht hierbei um die Funktion post der Datei lib/api.php. Mittels dem Manipulieren des Arguments url mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Ein Aktualisieren auf die Version 0.98 vermag dieses Problem zu l\u00f6sen. Der Patch wird als d7fe42538f4d4af500e3af9678b6b06fba731656 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 3.3,
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-20T09:13:31.518Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.222326"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.222326"
},
{
"tags": [
"patch"
],
"url": "https://github.com/wp-plugins/fastly/commit/d7fe42538f4d4af500e3af9678b6b06fba731656"
},
{
"tags": [
"patch"
],
"url": "https://github.com/wp-plugins/fastly/releases/tag/0.98"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-03-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-03-04T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2023-03-04T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-03-31T13:27:52.000Z",
"value": "VulDB entry last update"
}
],
"title": "Fastly Plugin api.php post cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2015-10094",
"datePublished": "2023-03-06T14:31:04.388Z",
"dateReserved": "2023-03-04T15:23:20.129Z",
"dateUpdated": "2024-08-06T08:58:26.373Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-13761 (GCVE-0-2017-13761)
Vulnerability from nvd – Published: 2017-09-14 17:00 – Updated: 2024-08-05 19:05
VLAI?
Summary
The Fastly CDN module before 1.2.26 for Magento2, when used with a third-party authentication plugin, might allow remote authenticated users to obtain sensitive information from authenticated sessions via vectors involving caching of redirect responses.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:05:20.321Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.fastly.com/security-advisories/vulnerability-fastly-open-source-cdn-module-intended-be-integrated-magento2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-09-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Fastly CDN module before 1.2.26 for Magento2, when used with a third-party authentication plugin, might allow remote authenticated users to obtain sensitive information from authenticated sessions via vectors involving caching of redirect responses."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T17:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.fastly.com/security-advisories/vulnerability-fastly-open-source-cdn-module-intended-be-integrated-magento2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-13761",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Fastly CDN module before 1.2.26 for Magento2, when used with a third-party authentication plugin, might allow remote authenticated users to obtain sensitive information from authenticated sessions via vectors involving caching of redirect responses."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.fastly.com/security-advisories/vulnerability-fastly-open-source-cdn-module-intended-be-integrated-magento2",
"refsource": "CONFIRM",
"url": "https://www.fastly.com/security-advisories/vulnerability-fastly-open-source-cdn-module-intended-be-integrated-magento2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-13761",
"datePublished": "2017-09-14T17:00:00",
"dateReserved": "2017-08-29T00:00:00",
"dateUpdated": "2024-08-05T19:05:20.321Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-58199 (GCVE-0-2025-58199)
Vulnerability from cvelistv5 – Published: 2025-09-22 18:23 – Updated: 2025-09-23 16:10
VLAI?
Title
WordPress Fastly Plugin <= 1.2.28 - Cross Site Request Forgery (CSRF) Vulnerability
Summary
Cross-Site Request Forgery (CSRF) vulnerability in Fastly Fastly allows Cross Site Request Forgery. This issue affects Fastly: from n/a through 1.2.28.
Severity ?
4.3 (Medium)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
| URL | Tags | |
|---|---|---|
Credits
Nabil Irawan (Patchstack Alliance)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-58199",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-23T15:55:17.079695Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-23T16:10:31.251Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "fastly",
"product": "Fastly",
"vendor": "Fastly",
"versions": [
{
"lessThanOrEqual": "1.2.28",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Nabil Irawan (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eCross-Site Request Forgery (CSRF) vulnerability in Fastly Fastly allows Cross Site Request Forgery.\u003c/p\u003e\u003cp\u003eThis issue affects Fastly: from n/a through 1.2.28.\u003c/p\u003e"
}
],
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Fastly Fastly allows Cross Site Request Forgery. This issue affects Fastly: from n/a through 1.2.28."
}
],
"impacts": [
{
"capecId": "CAPEC-62",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-62 Cross Site Request Forgery"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-22T18:23:51.395Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/wordpress/plugin/fastly/vulnerability/wordpress-fastly-plugin-1-2-28-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Fastly Plugin \u003c= 1.2.28 - Cross Site Request Forgery (CSRF) Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-58199",
"datePublished": "2025-09-22T18:23:51.395Z",
"dateReserved": "2025-08-27T16:18:58.324Z",
"dateUpdated": "2025-09-23T16:10:31.251Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-34768 (GCVE-0-2024-34768)
Vulnerability from cvelistv5 – Published: 2024-06-11 16:42 – Updated: 2024-08-02 02:59
VLAI?
Title
WordPress Fastly plugin <= 1.2.25 - Broken Access Control vulnerability
Summary
Missing Authorization vulnerability in Fastly.This issue affects Fastly: from n/a through 1.2.25.
Severity ?
5.3 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
| URL | Tags | |
|---|---|---|
Credits
Joshua Chan (Patchstack Alliance)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-34768",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-14T16:42:39.650690Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-14T16:43:03.047Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:59:22.617Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/fastly/wordpress-fastly-plugin-1-2-25-broken-access-control-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "fastly",
"product": "Fastly",
"vendor": "Fastly",
"versions": [
{
"changes": [
{
"at": "1.2.26",
"status": "unaffected"
}
],
"lessThanOrEqual": "1.2.25",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Joshua Chan (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authorization vulnerability in Fastly.\u003cp\u003eThis issue affects Fastly: from n/a through 1.2.25.\u003c/p\u003e"
}
],
"value": "Missing Authorization vulnerability in Fastly.This issue affects Fastly: from n/a through 1.2.25."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-11T16:42:16.302Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/fastly/wordpress-fastly-plugin-1-2-25-broken-access-control-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 1.2.26 or a higher version."
}
],
"value": "Update to 1.2.26 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Fastly plugin \u003c= 1.2.25 - Broken Access Control vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-34768",
"datePublished": "2024-06-11T16:42:16.302Z",
"dateReserved": "2024-05-08T12:03:07.439Z",
"dateUpdated": "2024-08-02T02:59:22.617Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-34803 (GCVE-0-2024-34803)
Vulnerability from cvelistv5 – Published: 2024-06-03 10:18 – Updated: 2024-08-02 02:59
VLAI?
Title
WordPress Fastly plugin <= 1.2.25 - Broken Access Control vulnerability
Summary
Missing Authorization vulnerability in Fastly.This issue affects Fastly: from n/a through 1.2.25.
Severity ?
4.3 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
| URL | Tags | |
|---|---|---|
Credits
Majed Refaea (Patchstack Alliance)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-34803",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-03T15:11:18.743240Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:40:59.455Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:59:22.611Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/fastly/wordpress-fastly-plugin-1-2-25-broken-access-control-vulnerability-2?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "fastly",
"product": "Fastly",
"vendor": "Fastly",
"versions": [
{
"changes": [
{
"at": "1.2.26",
"status": "unaffected"
}
],
"lessThanOrEqual": "1.2.25",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Majed Refaea (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authorization vulnerability in Fastly.\u003cp\u003eThis issue affects Fastly: from n/a through 1.2.25.\u003c/p\u003e"
}
],
"value": "Missing Authorization vulnerability in Fastly.This issue affects Fastly: from n/a through 1.2.25."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "Broken Access Control"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-03T10:18:56.905Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/fastly/wordpress-fastly-plugin-1-2-25-broken-access-control-vulnerability-2?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 1.2.26 or a higher version."
}
],
"value": "Update to 1.2.26 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Fastly plugin \u003c= 1.2.25 - Broken Access Control vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-34803",
"datePublished": "2024-06-03T10:18:56.905Z",
"dateReserved": "2024-05-09T12:14:23.897Z",
"dateUpdated": "2024-08-02T02:59:22.611Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-10094 (GCVE-0-2015-10094)
Vulnerability from cvelistv5 – Published: 2023-03-06 14:31 – Updated: 2024-08-06 08:58
VLAI?
Title
Fastly Plugin api.php post cross site scripting
Summary
A vulnerability was found in Fastly Plugin up to 0.97 on WordPress. It has been rated as problematic. Affected by this issue is the function post of the file lib/api.php. The manipulation of the argument url leads to cross site scripting. The attack may be launched remotely. Upgrading to version 0.98 is able to address this issue. The patch is identified as d7fe42538f4d4af500e3af9678b6b06fba731656. It is recommended to upgrade the affected component. VDB-222326 is the identifier assigned to this vulnerability.
Severity ?
CWE
- CWE-79 - Cross Site Scripting
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Fastly Plugin |
Affected:
0.1
Affected: 0.2 Affected: 0.3 Affected: 0.4 Affected: 0.5 Affected: 0.6 Affected: 0.7 Affected: 0.8 Affected: 0.9 Affected: 0.10 Affected: 0.11 Affected: 0.12 Affected: 0.13 Affected: 0.14 Affected: 0.15 Affected: 0.16 Affected: 0.17 Affected: 0.18 Affected: 0.19 Affected: 0.20 Affected: 0.21 Affected: 0.22 Affected: 0.23 Affected: 0.24 Affected: 0.25 Affected: 0.26 Affected: 0.27 Affected: 0.28 Affected: 0.29 Affected: 0.30 Affected: 0.31 Affected: 0.32 Affected: 0.33 Affected: 0.34 Affected: 0.35 Affected: 0.36 Affected: 0.37 Affected: 0.38 Affected: 0.39 Affected: 0.40 Affected: 0.41 Affected: 0.42 Affected: 0.43 Affected: 0.44 Affected: 0.45 Affected: 0.46 Affected: 0.47 Affected: 0.48 Affected: 0.49 Affected: 0.50 Affected: 0.51 Affected: 0.52 Affected: 0.53 Affected: 0.54 Affected: 0.55 Affected: 0.56 Affected: 0.57 Affected: 0.58 Affected: 0.59 Affected: 0.60 Affected: 0.61 Affected: 0.62 Affected: 0.63 Affected: 0.64 Affected: 0.65 Affected: 0.66 Affected: 0.67 Affected: 0.68 Affected: 0.69 Affected: 0.70 Affected: 0.71 Affected: 0.72 Affected: 0.73 Affected: 0.74 Affected: 0.75 Affected: 0.76 Affected: 0.77 Affected: 0.78 Affected: 0.79 Affected: 0.80 Affected: 0.81 Affected: 0.82 Affected: 0.83 Affected: 0.84 Affected: 0.85 Affected: 0.86 Affected: 0.87 Affected: 0.88 Affected: 0.89 Affected: 0.90 Affected: 0.91 Affected: 0.92 Affected: 0.93 Affected: 0.94 Affected: 0.95 Affected: 0.96 Affected: 0.97 |
Credits
VulDB GitHub Commit Analyzer
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:58:26.373Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.222326"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.222326"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/wp-plugins/fastly/commit/d7fe42538f4d4af500e3af9678b6b06fba731656"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/wp-plugins/fastly/releases/tag/0.98"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Fastly Plugin",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "0.1"
},
{
"status": "affected",
"version": "0.2"
},
{
"status": "affected",
"version": "0.3"
},
{
"status": "affected",
"version": "0.4"
},
{
"status": "affected",
"version": "0.5"
},
{
"status": "affected",
"version": "0.6"
},
{
"status": "affected",
"version": "0.7"
},
{
"status": "affected",
"version": "0.8"
},
{
"status": "affected",
"version": "0.9"
},
{
"status": "affected",
"version": "0.10"
},
{
"status": "affected",
"version": "0.11"
},
{
"status": "affected",
"version": "0.12"
},
{
"status": "affected",
"version": "0.13"
},
{
"status": "affected",
"version": "0.14"
},
{
"status": "affected",
"version": "0.15"
},
{
"status": "affected",
"version": "0.16"
},
{
"status": "affected",
"version": "0.17"
},
{
"status": "affected",
"version": "0.18"
},
{
"status": "affected",
"version": "0.19"
},
{
"status": "affected",
"version": "0.20"
},
{
"status": "affected",
"version": "0.21"
},
{
"status": "affected",
"version": "0.22"
},
{
"status": "affected",
"version": "0.23"
},
{
"status": "affected",
"version": "0.24"
},
{
"status": "affected",
"version": "0.25"
},
{
"status": "affected",
"version": "0.26"
},
{
"status": "affected",
"version": "0.27"
},
{
"status": "affected",
"version": "0.28"
},
{
"status": "affected",
"version": "0.29"
},
{
"status": "affected",
"version": "0.30"
},
{
"status": "affected",
"version": "0.31"
},
{
"status": "affected",
"version": "0.32"
},
{
"status": "affected",
"version": "0.33"
},
{
"status": "affected",
"version": "0.34"
},
{
"status": "affected",
"version": "0.35"
},
{
"status": "affected",
"version": "0.36"
},
{
"status": "affected",
"version": "0.37"
},
{
"status": "affected",
"version": "0.38"
},
{
"status": "affected",
"version": "0.39"
},
{
"status": "affected",
"version": "0.40"
},
{
"status": "affected",
"version": "0.41"
},
{
"status": "affected",
"version": "0.42"
},
{
"status": "affected",
"version": "0.43"
},
{
"status": "affected",
"version": "0.44"
},
{
"status": "affected",
"version": "0.45"
},
{
"status": "affected",
"version": "0.46"
},
{
"status": "affected",
"version": "0.47"
},
{
"status": "affected",
"version": "0.48"
},
{
"status": "affected",
"version": "0.49"
},
{
"status": "affected",
"version": "0.50"
},
{
"status": "affected",
"version": "0.51"
},
{
"status": "affected",
"version": "0.52"
},
{
"status": "affected",
"version": "0.53"
},
{
"status": "affected",
"version": "0.54"
},
{
"status": "affected",
"version": "0.55"
},
{
"status": "affected",
"version": "0.56"
},
{
"status": "affected",
"version": "0.57"
},
{
"status": "affected",
"version": "0.58"
},
{
"status": "affected",
"version": "0.59"
},
{
"status": "affected",
"version": "0.60"
},
{
"status": "affected",
"version": "0.61"
},
{
"status": "affected",
"version": "0.62"
},
{
"status": "affected",
"version": "0.63"
},
{
"status": "affected",
"version": "0.64"
},
{
"status": "affected",
"version": "0.65"
},
{
"status": "affected",
"version": "0.66"
},
{
"status": "affected",
"version": "0.67"
},
{
"status": "affected",
"version": "0.68"
},
{
"status": "affected",
"version": "0.69"
},
{
"status": "affected",
"version": "0.70"
},
{
"status": "affected",
"version": "0.71"
},
{
"status": "affected",
"version": "0.72"
},
{
"status": "affected",
"version": "0.73"
},
{
"status": "affected",
"version": "0.74"
},
{
"status": "affected",
"version": "0.75"
},
{
"status": "affected",
"version": "0.76"
},
{
"status": "affected",
"version": "0.77"
},
{
"status": "affected",
"version": "0.78"
},
{
"status": "affected",
"version": "0.79"
},
{
"status": "affected",
"version": "0.80"
},
{
"status": "affected",
"version": "0.81"
},
{
"status": "affected",
"version": "0.82"
},
{
"status": "affected",
"version": "0.83"
},
{
"status": "affected",
"version": "0.84"
},
{
"status": "affected",
"version": "0.85"
},
{
"status": "affected",
"version": "0.86"
},
{
"status": "affected",
"version": "0.87"
},
{
"status": "affected",
"version": "0.88"
},
{
"status": "affected",
"version": "0.89"
},
{
"status": "affected",
"version": "0.90"
},
{
"status": "affected",
"version": "0.91"
},
{
"status": "affected",
"version": "0.92"
},
{
"status": "affected",
"version": "0.93"
},
{
"status": "affected",
"version": "0.94"
},
{
"status": "affected",
"version": "0.95"
},
{
"status": "affected",
"version": "0.96"
},
{
"status": "affected",
"version": "0.97"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "tool",
"value": "VulDB GitHub Commit Analyzer"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Fastly Plugin up to 0.97 on WordPress. It has been rated as problematic. Affected by this issue is the function post of the file lib/api.php. The manipulation of the argument url leads to cross site scripting. The attack may be launched remotely. Upgrading to version 0.98 is able to address this issue. The patch is identified as d7fe42538f4d4af500e3af9678b6b06fba731656. It is recommended to upgrade the affected component. VDB-222326 is the identifier assigned to this vulnerability."
},
{
"lang": "de",
"value": "Eine problematische Schwachstelle wurde in Fastly Plugin bis 0.97 f\u00fcr WordPress ausgemacht. Es geht hierbei um die Funktion post der Datei lib/api.php. Mittels dem Manipulieren des Arguments url mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Ein Aktualisieren auf die Version 0.98 vermag dieses Problem zu l\u00f6sen. Der Patch wird als d7fe42538f4d4af500e3af9678b6b06fba731656 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 3.3,
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-20T09:13:31.518Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.222326"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.222326"
},
{
"tags": [
"patch"
],
"url": "https://github.com/wp-plugins/fastly/commit/d7fe42538f4d4af500e3af9678b6b06fba731656"
},
{
"tags": [
"patch"
],
"url": "https://github.com/wp-plugins/fastly/releases/tag/0.98"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-03-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-03-04T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2023-03-04T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-03-31T13:27:52.000Z",
"value": "VulDB entry last update"
}
],
"title": "Fastly Plugin api.php post cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2015-10094",
"datePublished": "2023-03-06T14:31:04.388Z",
"dateReserved": "2023-03-04T15:23:20.129Z",
"dateUpdated": "2024-08-06T08:58:26.373Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-13761 (GCVE-0-2017-13761)
Vulnerability from cvelistv5 – Published: 2017-09-14 17:00 – Updated: 2024-08-05 19:05
VLAI?
Summary
The Fastly CDN module before 1.2.26 for Magento2, when used with a third-party authentication plugin, might allow remote authenticated users to obtain sensitive information from authenticated sessions via vectors involving caching of redirect responses.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:05:20.321Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.fastly.com/security-advisories/vulnerability-fastly-open-source-cdn-module-intended-be-integrated-magento2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-09-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Fastly CDN module before 1.2.26 for Magento2, when used with a third-party authentication plugin, might allow remote authenticated users to obtain sensitive information from authenticated sessions via vectors involving caching of redirect responses."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T17:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.fastly.com/security-advisories/vulnerability-fastly-open-source-cdn-module-intended-be-integrated-magento2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-13761",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Fastly CDN module before 1.2.26 for Magento2, when used with a third-party authentication plugin, might allow remote authenticated users to obtain sensitive information from authenticated sessions via vectors involving caching of redirect responses."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.fastly.com/security-advisories/vulnerability-fastly-open-source-cdn-module-intended-be-integrated-magento2",
"refsource": "CONFIRM",
"url": "https://www.fastly.com/security-advisories/vulnerability-fastly-open-source-cdn-module-intended-be-integrated-magento2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-13761",
"datePublished": "2017-09-14T17:00:00",
"dateReserved": "2017-08-29T00:00:00",
"dateUpdated": "2024-08-05T19:05:20.321Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}