Directory Traversal Vulnerability in WP Fastest Cache Plugin for WordPress
CVE-2019-6726

6.5 MEDIUM

Key Information:

Vendor
Wordpress
CVE Published:
29 July 2019

Summary

The WP Fastest Cache plugin for WordPress, as of version 0.8.9.0, contains a vulnerability that enables remote attackers to exploit improper handling of the HTTP Referer header. This flaw allows unauthorized deletion of arbitrary files through the wp_postratings_clear_fastest_cache and rm_folder_recursively functions within the wpFastestCache.php script. Attackers can manipulate path traversal sequences ('../') to gain access to sensitive files on the server, potentially compromising the integrity of the website.
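The containment check that this class of flaw is missing, as an added example (not the plugin's code or its fix). It assumes the deletion target is built from the Referer path under a cache root; `resolve_cache_dir`, the sample URLs and the directory layout are hypothetical.

```php
<?php
declare(strict_types=1);

/**
 * Map a Referer header to a directory under $cacheRoot, or return null.
 * Hypothetical helper for illustration; not a WP Fastest Cache function.
 */
function resolve_cache_dir(string $referer, string $cacheRoot): ?string
{
    $path = parse_url($referer, PHP_URL_PATH);
    if (!is_string($path) || $path === '') {
        return null;
    }
    // Decode first so percent-encoded separators and dots are checked too.
    $path = rawurldecode($path);
    if (strpos($path, "\0") !== false) {
        return null;
    }
    $root = realpath($cacheRoot);
    // realpath() collapses ".." and symlinks; it fails if the target is absent.
    $target = realpath($cacheRoot . '/' . ltrim($path, '/\\'));
    if ($root === false || $target === false || !is_dir($target)) {
        return null;
    }
    // Containment: strictly below the root. The trailing separator stops
    // "/cache/all-backup" from matching the prefix "/cache/all".
    $prefix = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($target, $prefix, strlen($prefix)) === 0 ? $target : null;
}

// Constructed sample layout in a temp directory (not the plugin's real paths).
$base = sys_get_temp_dir() . '/wpfc-demo-' . bin2hex(random_bytes(4));
mkdir("$base/cache/all/blog/post-1", 0700, true);
mkdir("$base/uploads", 0700, true);

$samples = [
    'https://example.test/blog/post-1/',           // normal page
    'https://example.test/../../uploads/',         // dot-dot segments
    'https://example.test/%2e%2e/%2e%2e/uploads/', // percent-encoded form
    'https://example.test/',                       // resolves to the root itself
];
foreach ($samples as $referer) {
    $dir = resolve_cache_dir($referer, "$base/cache/all");
    printf("%-45s => %s\n", $referer, $dir ?? 'rejected');
}
```

A recursive delete should only ever receive the value this function returns, never the raw header-derived string.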

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
