CVE-2023-6598: 
WordPress vulnerability analysis and mitigation

The SpeedyCache plugin for WordPress (versions up to 1.1.3) contains a vulnerability identified as CVE-2023-6598, discovered and reported in January 2024. The vulnerability stems from missing capability checks in several key functions including speedycache_save_varniship, speedycache_img_update_settings, speedycache_preloading_add_settings, and speedycache_preloading_delete_resource (NVD).

The vulnerability is classified as a Missing Authorization issue (CWE-862) with a CVSS v3.1 base score of 4.3 (Medium). The vulnerability vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N, indicating network accessibility, low attack complexity, and required low privileges for exploitation (NVD, Wordfence Advisory).

The vulnerability allows authenticated attackers with subscriber-level access or higher to modify plugin options and update plugin settings without proper authorization. This unauthorized access to plugin configuration could potentially impact the website's caching and optimization settings (NVD).

A patch has been released to address this vulnerability. Website administrators should update their SpeedyCache plugin to a version newer than 1.1.3 (WordPress Patch).