Unauthorized File Deletion Vulnerability in WP Fastest Cache
CVE-2020-36836

8.8 HIGH

Key Information:

Vendor: WordPress
CVE Published: 16 October 2024

Summary

The WP Fastest Cache plugin for WordPress is susceptible to a security flaw that permits authenticated users with minimal permissions to delete arbitrary files from the server. This vulnerability arises from inadequate capability checks and insufficient validation of file paths. Consequently, it poses a significant risk to the integrity of the server and its files, allowing potential exploitation by users with low-level access.

Affected Version(s)

WP Fastest Cache * < 0.9.0.3

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Glyn Wintle