CVE-2020-36836
Published: 2024-10-16
Priority: P2 (75), high
CVSS 3.1: 8.1 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H)
Exploited in the wild (VulnCheck KEV)
EPSS: 1.37% (68.4th percentile)
The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized arbitrary file deletion in versions up to, and including, 0.9.0.2 due to a lack of capability checking and insufficient path validation. This makes it possible for authenticated users with minimal permissions to delete arbitrary files from the server.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| emrevona | wp_fastest_cache_wordpress_cache_plugin | < 0.9.0.3 | 0.9.0.3 |
| wpfastestcache | wp_fastest_cache | < 0.9.0.3 | 0.9.0.3 |
Detection & IOCs
- Look for POST requests to /wp-admin/admin-ajax.php with a 'path' query parameter containing directory traversal sequences (e.g., /../../../) and the POST body containing action=wpfc_delete_current_page_cache
- A successful exploitation response will contain both 'The cache of page has been cleared' and 'success' in the response body with HTTP 200
- Confirm plugin presence by checking for HTTP 200 on GET /wp-content/plugins/wp-fastest-cache/ before exploitation attempts
- After exploitation, the targeted path returns HTTP 404, confirming successful arbitrary file/directory deletion
- Exploitation requires authentication — the attacker must first obtain a valid WordPress session cookie (wordpress_logged_in) via /wp-login.php before sending the malicious admin-ajax.php request
- The vulnerability affects only WP Fastest Cache versions up to and including 0.9.0.2; version 0.9.0.3 and later are patched
- Minimal WordPress permissions are sufficient for exploitation — capability checking is absent in the vulnerable versions
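The first two indicators above can be turned into a request-level check. The following is an added example written for this page, not code from the plugin, Wordfence or any indexed source; it assumes request records that carry the method, URL and POST body (a WAF or reverse-proxy request log, since a plain access log does not record bodies), and the sample records are constructed.

```python
import re
from urllib.parse import urlparse, parse_qs, unquote

# Traversal sequences, matched after one extra decode so that double-encoded
# forms (%252e%252e%252f) are also caught. Constructed pattern for this example.
TRAVERSAL = re.compile(r"(\.\./|\.\.\\|%2e%2e)", re.IGNORECASE)

def is_wpfc_delete_traversal(method, url, body):
    """True when a request matches the CVE-2020-36836 indicator: a POST to
    /wp-admin/admin-ajax.php whose 'path' query parameter contains a traversal
    sequence and whose body carries action=wpfc_delete_current_page_cache."""
    if method.upper() != "POST":
        return False
    parsed = urlparse(url)
    if not parsed.path.endswith("/wp-admin/admin-ajax.php"):
        return False
    # parse_qs already decodes one layer of percent-encoding; unquote handles a second.
    paths = parse_qs(parsed.query).get("path", [])
    if not any(TRAVERSAL.search(unquote(p)) for p in paths):
        return False
    actions = parse_qs(body).get("action", [])
    return "wpfc_delete_current_page_cache" in actions

def scan(records):
    """Return the ids of records that match the indicator."""
    return [r["id"] for r in records
            if is_wpfc_delete_traversal(r["method"], r["url"], r["body"])]

# Constructed sample records. r1 and r2 carry traversal (r2 double-encoded);
# r3 is an ordinary cache clear for a post path, which uses the same action
# without traversal (assumed benign here); r4 is not a POST.
SAMPLE = [
    {"id": "r1", "method": "POST",
     "url": "/wp-admin/admin-ajax.php?path=/../../../example.txt",
     "body": "action=wpfc_delete_current_page_cache"},
    {"id": "r2", "method": "POST",
     "url": "https://example.test/wp-admin/admin-ajax.php?path=%252e%252e%252fexample.txt",
     "body": "action=wpfc_delete_current_page_cache&other=1"},
    {"id": "r3", "method": "POST",
     "url": "/wp-admin/admin-ajax.php?path=/blog/hello-world/",
     "body": "action=wpfc_delete_current_page_cache"},
    {"id": "r4", "method": "GET",
     "url": "/wp-admin/admin-ajax.php?path=/../../../example.txt",
     "body": ""},
]

if __name__ == "__main__":
    print(scan(SAMPLE))  # ['r1', 'r2']
```

Pair a hit with the response-side indicator (HTTP 200 containing 'The cache of page has been cleared' and 'success') and the authenticated session cookie to distinguish a successful deletion from a blocked or failed attempt.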
CVSS provenance
- NVD: v3.1 8.1 HIGH, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
- VulnCheck: 8.0 HIGH
GHSA
GHSA-g4xm-rx7f-2jj3 (ghsa_unreviewed, 2024-10-16): CVE-2020-36836 [HIGH] CWE-22
Description identical to the CVE summary above.
VulnCheck
WP Fastest Cache plugin for WordPress Unauthorized Arbitrary File Deletion Vulnerability (vulncheck, 2020, CVSS 8.0, HIGH)
Description identical to the CVE summary above.
Affected: Emre Vona WP Fastest Cache plugin for WordPress
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wp-fastest-cache/wp-fastest-cache-0902-authenticated-subscriber-arbitra
No detection rules found.
Nuclei
WordPress WP Fastest Cache <= 0.9.0.2 - Authenticated Arbitrary File Deletion (nuclei, CVSS 8.1, HIGH)
Description identical to the CVE summary above.
Template (indexed copy is truncated after the description):

```yaml
id: CVE-2020-36836

info:
  name: WordPress WP Fastest Cache <= 0.9.0.2 - Authenticated Arbitrary File Deletion
  author: melmathari
  severity: high
  description: |
    The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized arbitrary file deletion in versions up to, and including, 0.9.0.2 due to a lack of capability checking and insufficient path validation. This makes it pos
```
No writeups or analysis indexed.