Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2020-36836

CWE-352 — Cross-Site Request Forgery (CSRF)CWE-22 — Path Traversal5 documents5 sources

Severity

8.1HIGH

EPSS

43.1%

top 2.50%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Emrevona WP Fastest Cache – Wordpress Cache Plugin Wpfastestcache WP Fastest Cache

Timeline

PublishedOct 16

Description

The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized arbitrary file deletion in versions up to, and including, 0.9.0.2 due to a lack of capability checking and insufficient path validation. This makes it possible for authenticated users with minimal permissions to delete arbitrary files from the server.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:HExploitability: 2.1 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5emrevona/wp_fastest_cache_–_wordpress_cache_plugin< 0.9.0.3

▶NVDwpfastestcache/wp_fastest_cache< 0.9.0.3

Patches

Patch: plugins.trac.wordpress.org ↗

🔴Vulnerability Details

CVEList

WP Fastest Cache <= 0.9.0.2 - Authenticated (Subscriber+) Arbitrary File Deletion↗2024-10-16

▶

GHSA

GHSA-g4xm-rx7f-2jj3: The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized arbitrary file deletion in versions up to, and including, 0↗2024-10-16

▶

VulnCheck

WP Fastest Cache plugin for WordPress Unauthorized Arbitrary File Deletion Vulnerability↗2020

▶

💥Exploits & PoCs

Nuclei

WordPress WP Fastest Cache <= 0.9.0.2 - Authenticated Arbitrary File Deletion

▶