Unauthorized File Deletion Vulnerability in WP Fastest Cache
CVE-2020-36836
8.8 HIGH
Summary
The WP Fastest Cache plugin for WordPress contains a flaw that lets authenticated users with minimal permissions delete arbitrary files from the server. The cause is inadequate capability checks combined with insufficient validation of file paths. This puts the integrity of the server and its files at significant risk, because exploitation is open to users with low-level access.
Affected Version(s)
WP Fastest Cache * < 0.9.0.3
CVSS V3.1
Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Glyn Wintle