CVE-2025-10583: CWE-862 Missing Authorization in emrevona WP Fastest Cache Premium
The WP Fastest Cache Premium plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.7.4 via the 'get_server_time_ajax_request' AJAX action. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. The free version is not affected.
AI Analysis
Technical Summary
CVE-2025-10583 is a Server-Side Request Forgery vulnerability in the WP Fastest Cache Premium WordPress plugin (up to version 1.7.4). The flaw exists in the 'get_server_time_ajax_request' AJAX action, which does not properly enforce authorization, allowing authenticated users with low privileges (Subscriber and above) to induce the server to make arbitrary HTTP requests. This could be leveraged to interact with internal services or resources not normally accessible externally. The vulnerability is classified under CWE-862 (Missing Authorization). The free version of the plugin is unaffected.
Potential Impact
The vulnerability allows low-privileged authenticated users to perform SSRF attacks, potentially enabling them to access or modify internal services or data that should be protected. However, the impact is limited by the requirement for authentication and the low CVSS score of 3.5, indicating limited severity and no direct confidentiality or availability impact reported.
Mitigation Recommendations
No official patch or fix is currently documented for this vulnerability. Users should monitor the vendor's advisory channels for updates. Until a fix is available, restrict Subscriber-level user access where possible and consider disabling or limiting the use of the affected AJAX action if feasible. Since the free version is not affected, consider using it as an alternative if appropriate.
CVE-2025-10583: CWE-862 Missing Authorization in emrevona WP Fastest Cache Premium
Description
The WP Fastest Cache Premium plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.7.4 via the 'get_server_time_ajax_request' AJAX action. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. The free version is not affected.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2025-10583 is a Server-Side Request Forgery vulnerability in the WP Fastest Cache Premium WordPress plugin (up to version 1.7.4). The flaw exists in the 'get_server_time_ajax_request' AJAX action, which does not properly enforce authorization, allowing authenticated users with low privileges (Subscriber and above) to induce the server to make arbitrary HTTP requests. This could be leveraged to interact with internal services or resources not normally accessible externally. The vulnerability is classified under CWE-862 (Missing Authorization). The free version of the plugin is unaffected.
Potential Impact
The vulnerability allows low-privileged authenticated users to perform SSRF attacks, potentially enabling them to access or modify internal services or data that should be protected. However, the impact is limited by the requirement for authentication and the low CVSS score of 3.5, indicating limited severity and no direct confidentiality or availability impact reported.
Mitigation Recommendations
No official patch or fix is currently documented for this vulnerability. Users should monitor the vendor's advisory channels for updates. Until a fix is available, restrict Subscriber-level user access where possible and consider disabling or limiting the use of the affected AJAX action if feasible. Since the free version is not affected, consider using it as an alternative if appropriate.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- Wordfence
- Date Reserved
- 2025-09-16T20:02:55.540Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 693bc3e35f3fdafda42e6cd1
Added to database: 12/12/2025, 7:27:31 AM
Last enriched: 4/16/2026, 11:18:37 AM
Last updated: 5/10/2026, 5:26:22 AM
Views: 174
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.