Arbitrary file deletion in WP Fastest Cache plugin for WordPress
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2019-6726 |
| CWE-ID | CWE-22 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
WP Fastest Cache Web applications / Modules and components for CMS |
| Vendor | Emre Vona |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
1) Path traversal
EUVDB-ID: #VU18077
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-6726
CWE-ID:
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to delete arbitrary files on the target system.
The vulnerability exists due to input validation error when processing directory traversal sequences passed via Referer HTTP header within the wp_postratings_clear_cache() function. A remote attacker can send a specially crafted HTTP request and delete arbitrary .php files on the server, causing denial of service attack.
MitigationInstall updates from vendor's website.
Vulnerable software versionsWP Fastest Cache: 0.8.6.6 - 0.8.9.0
External linkshttp://0day.work/cve-2019-6726-arbitrary-file-deletion-in-wp-fastest-cache-0-8-8-1/
http://wpvulndb.com/vulnerabilities/9226/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
