BI.ZONE WAF guards against new WordPress vulnerability

The BI.ZONE WAF rules help to repel attacks that exploit the CVE-2023-6063 vulnerability in the popular WordPress plug‑in WP Fastest Cache
November 22, 2023

CVE-2023-6063 was disclosed on November 13. The vulnerability affects the WP Fastest Cache plug‑in, which speeds up page loading by caching pages as static files. The vulnerability scored 8.6 out of 10 on the CVSS scale.

The vulnerability affects WP Fastest Cache version 1.2.1 and earlier. The developers fixed the problem in version 1.2.2; all earlier versions remain affected. According to the WordPress.org installation statistics, the plug‑in is used on more than 1 million websites running the WordPress Content Management System (CMS). As of the time of writing, the vulnerable plug‑in versions were installed on more than half of those websites.

This vulnerability allows unauthenticated attackers to read the contents of WordPress databases by injecting an SQL payload into the wordpress_logged_in parameter of the Cookie HTTP header. WordPress databases can contain user information, such as full names, email addresses, passwords, bank card details, and phone numbers. A compromised database can cause reputational and financial losses for the organization. In addition, attackers can inject malicious code into the database to gain control over the website.

Although the WordPress plug‑in developers have already released an update that addresses the vulnerability, not all companies are ready to immediately migrate to the new version. To protect website databases, organizations can use overlay security solutions. For example, BI.ZONE WAF can detect SQL injections by analyzing HTTP headers and their parameters. All the elements are broken down into tokens and a signature search is performed for illegitimate metrics. As a result, the new rules prevent exploitation of the vulnerability without affecting web applications.
Dmitry Tsarev
Head of Cloud Security Solutions, BI.ZONE
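As an added illustration of the detection approach described above (this is not BI.ZONE's rule set, nor the plug-in's code), the following Python check splits the Cookie header into tokens, URL-decodes each value, and matches the wordpress_logged_in cookie against constructed SQL-injection signatures and an assumed well-formed shape for a WordPress auth cookie (user|expiry|token|hmac). Cookie names, sample values and signature patterns are all assumptions made for the example.

```python
import re
from urllib.parse import unquote

# Assumption: a legitimate WordPress auth cookie looks like user|expiry|token|hmac.
WP_LOGIN_COOKIE_PREFIX = "wordpress_logged_in"
VALID_SHAPE = re.compile(r"^[A-Za-z0-9_.@ -]+\|\d{1,12}\|[0-9a-f]{1,64}\|[0-9a-f]{1,64}$")

# Constructed signature tokens that never appear in a well-formed auth cookie.
SQLI_SIGNATURES = [
    ("quote_or_comment", re.compile(r"['\"]|--|/\*|#")),
    ("boolean_tautology", re.compile(r"\bor\b\s*['\"]?\w*['\"]?\s*=\s*", re.I)),
    ("union_select", re.compile(r"\bunion\b[\s/*]+(?:all[\s/*]+)?\bselect\b", re.I)),
    ("time_based", re.compile(r"\b(?:sleep|benchmark|pg_sleep)\s*\(", re.I)),
]

def parse_cookie_header(header: str) -> dict:
    """Tokenize a Cookie header into name -> URL-decoded value."""
    cookies = {}
    for part in header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep and name:
            # Decode before matching so %27-style encoding cannot hide a quote.
            cookies[name.strip()] = unquote(value.strip())
    return cookies

def inspect_cookie_header(header: str) -> list:
    """Return (cookie_name, reason) findings for suspicious wordpress_logged_in cookies."""
    findings = []
    for name, value in parse_cookie_header(header).items():
        if not name.startswith(WP_LOGIN_COOKIE_PREFIX):
            continue
        for label, pattern in SQLI_SIGNATURES:
            if pattern.search(value):
                findings.append((name, label))
                break
        else:
            # No signature hit: still reject values that do not have the expected shape.
            if not VALID_SHAPE.match(value):
                findings.append((name, "malformed_auth_cookie"))
    return findings

# Constructed sample Cookie headers (not real traffic).
BENIGN = "wordpress_logged_in_1a2b=alice%7C1700000000%7Cdeadbeef%7Ccafef00d; wp-settings-time-1=1699999999"
MALICIOUS = "wordpress_logged_in_1a2b=alice%27%20OR%201%3D1%20--%7C1700000000%7Cdeadbeef%7Ccafef00d"
MALFORMED = "wordpress_logged_in_1a2b=alice%7Cnotanumber"

if __name__ == "__main__":
    for sample in (BENIGN, MALICIOUS, MALFORMED):
        print(inspect_cookie_header(sample))
```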

BI.ZONE WAF provides multilayer protection of web applications and APIs, counteracts bot activity, and identifies vulnerabilities. The service can be used to protect web applications of critical information infrastructure facilities, government databases, and personal data systems.