SB2019031001 - Arbitrary file deletion in WP Fastest Cache plugin for WordPress

Description

This security bulletin contains information about 1 vulnerability.

1) Path traversal (CVE-ID: CVE-2019-6726)

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows a remote attacker to delete arbitrary files on the target system.

The vulnerability exists due to input validation error when processing directory traversal sequences passed via Referer HTTP header within the wp_postratings_clear_cache() function. A remote attacker can send a specially crafted HTTP request and delete arbitrary .php files on the server, causing denial of service attack.

Remediation

Install update from vendor's website.

References

• https://0day.work/cve-2019-6726-arbitrary-file-deletion-in-wp-fastest-cache-0-8-8-1/
• https://wpvulndb.com/vulnerabilities/9226/