Directory Traversal Vulnerability in WP Fastest Cache Plugin for WordPress
CVE-2019-13635

9.1CRITICAL

Key Information:

Vendor
Wordpress
Status
WP Fastest Cache
Vendor
CVE Published:
30 July 2019

Summary

The WP Fastest Cache plugin for WordPress, through version 0.8.9.5, contains a directory traversal vulnerability that could allow unauthorized access to sensitive files on the server. This occurs via improper validation of user input in wpFastestCache.php and inc/cache.php, which could be exploited by attackers to traverse directories and access files outside of the intended directory structure. Recommended actions include updating to the latest version of the plugin and reviewing web application security practices.

References

https://wordpress.org/plugins/wp-fastest-cache/#developers
x_refsource_CONFIRM
https://plugins.trac.wordpress.org/changeset/2124619
x_refsource_MISC
https://plugins.trac.wordpress.org/changeset/2124614
x_refsource_MISC

CVSS V3.1

Score:
9.1
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.