Unauthorized File Deletion Vulnerability in WP Fastest Cache
CVE-2020-36836

8.1 HIGH

Key Information:

Vendor: WordPress
CVE Published: 16 October 2024

Summary

The WP Fastest Cache plugin for WordPress is susceptible to a security flaw that permits authenticated users with minimal permissions to delete arbitrary files from the server. This vulnerability arises from inadequate capability checks and insufficient validation of file paths. Consequently, it poses a significant risk to the integrity of the server and its files, allowing potential exploitation by users with low-level access.

Affected Version(s)

WP Fastest Cache * < 0.9.0.3

CVSS V3.1

Score: 8.1
Severity: HIGH
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Glyn Wintle