CVE-2019-6726
Severity
6.5MEDIUM
EPSS
3.9%
top 11.70%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJul 29
Latest updateMay 24
Description
The WP Fastest Cache plugin through 0.8.9.0 for WordPress allows remote attackers to delete arbitrary files because wp_postratings_clear_fastest_cache and rm_folder_recursively in wpFastestCache.php mishandle ../ in an HTTP Referer header.
CVSS vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:LExploitability: 2.2 | Impact: 4.2