CVE-2025-10583
SSRF Vulnerability in WP Fastest Cache Plugin Allows Internal Requests
Publication date: 2025-12-12
Last updated on: 2026-04-15
Assigner: Wordfence
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wp_fastest_cache | wp_fastest_cache | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Server-Side Request Forgery (SSRF) in the WP Fastest Cache plugin for WordPress, affecting all versions up to and including 1.7.4. It occurs via the 'get_server_time_ajax_request' AJAX action, allowing authenticated users with Subscriber-level access or higher to make web requests to arbitrary locations from the web application.
How can this vulnerability impact me?
An attacker with Subscriber-level access or above can exploit this vulnerability to send requests to arbitrary locations from the web application, potentially querying and modifying information from internal services. This could lead to unauthorized access or manipulation of internal data.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update the WP Fastest Cache plugin to version 1.7.5 or later, as this version includes security and stability improvements addressing CVE-2025-10583. Additionally, restrict Subscriber-level access if possible and monitor AJAX actions related to 'get_server_time_ajax_request' to prevent exploitation. [1]
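One way to do the monitoring suggested above is to scan web server access logs for calls to the affected AJAX action; the following is an added example, not code from the plugin or from this advisory. It assumes Combined Log Format and the standard WordPress endpoint `/wp-admin/admin-ajax.php`, the sample log lines are constructed, and the function names are illustrative. Access logs normally do not record POST bodies, so a request that carries the action name only in the body will not show up here.

```python
import re
from collections import Counter
from urllib.parse import parse_qs, urlsplit

ACTION = "get_server_time_ajax_request"  # AJAX action named in the advisory
AJAX_PATH = "/wp-admin/admin-ajax.php"   # standard WordPress AJAX endpoint (assumed default)

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines using documentation IP ranges, not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Dec/2025:10:00:01 +0000] "GET /wp-admin/admin-ajax.php?action=get_server_time_ajax_request HTTP/1.1" 200 31 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [12/Dec/2025:10:00:02 +0000] "POST /wp-admin/admin-ajax.php?action=get%5Fserver%5Ftime%5Fajax%5Frequest HTTP/1.1" 200 31 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [12/Dec/2025:10:01:00 +0000] "POST /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 58 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [12/Dec/2025:10:01:05 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [12/Dec/2025:10:05:00 +0000] "GET /blog/wp-admin/admin-ajax.php?action=get_server_time_ajax_request HTTP/1.1" 403 0 "-" "curl/8.5.0"',
]

def find_hits(lines):
    """Return (ip, time, method, status) for every request that invokes ACTION."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed or non-request line
        parts = urlsplit(m["target"])
        # endswith() also covers WordPress installed in a subdirectory
        if not parts.path.endswith(AJAX_PATH):
            continue
        # parse_qs percent-decodes, so an encoded action name still matches
        if ACTION in parse_qs(parts.query).get("action", []):
            hits.append((m["ip"], m["time"], m["method"], int(m["status"])))
    return hits

def hits_per_client(lines):
    """Count matching requests per client IP to surface repeated callers."""
    return Counter(ip for ip, *_ in find_hits(lines))

if __name__ == "__main__":
    for hit in find_hits(SAMPLE_LOG):
        print(*hit)
    print(dict(hits_per_client(SAMPLE_LOG)))
```

On a site still running 1.7.4 or earlier, any hit from an account that has no reason to touch cache settings is worth correlating with outbound connections from the web server.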