Path traversal in WP Fastest Cache - CVE-2019-6726

 


Published: March 25, 2019


Vulnerability identifier: #VU18077
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2019-6726
CWE-ID: CWE-22
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Emre Vona
Affected software:
WP Fastest Cache

Detailed vulnerability description

The vulnerability allows a remote attacker to delete arbitrary files on the target system.

The vulnerability exists due to an input validation error when processing directory traversal sequences passed via the Referer HTTP header within the wp_postratings_clear_cache() function. A remote attacker can send a specially crafted HTTP request and delete arbitrary .php files on the server, causing a denial of service.
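For detection, the following added example (not part of the original advisory or of the plugin's code) scans web server access logs for Referer headers that contain directory traversal segments, including percent-encoded and double-encoded forms. It assumes the Combined Log Format; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Combined Log Format: ip - user [time] "request" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

def fully_unquote(value, max_rounds=3):
    """Percent-decode repeatedly so %252e%252e is also seen as '..'."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def referer_has_traversal(referer):
    """True if the Referer's path contains a '..' segment after decoding."""
    if referer in ("", "-"):
        return False
    try:
        path = urlsplit(referer).path
    except ValueError:  # malformed URL: inspect the raw header value instead
        path = referer
    path = fully_unquote(path).replace("\\", "/")
    return ".." in path.split("/")

def suspicious_requests(lines):
    """Return (ip, referer) for each log line whose Referer carries traversal."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m and referer_has_traversal(m.group("referer")):
            hits.append((m.group("ip"), m.group("referer")))
    return hits

# Constructed sample lines (documentation IPs and example.com), not real traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [25/Mar/2019:10:00:00 +0000] "GET / HTTP/1.1" 200 512 "https://example.com/blog/post-1/" "Mozilla/5.0"',
    '198.51.100.7 - - [25/Mar/2019:10:00:01 +0000] "GET / HTTP/1.1" 200 512 "https://example.com/../../index" "curl/7.64"',
    '198.51.100.7 - - [25/Mar/2019:10:00:02 +0000] "GET / HTTP/1.1" 200 512 "https://example.com/%252e%252e/%2e%2e/index" "curl/7.64"',
    '203.0.113.9 - - [25/Mar/2019:10:00:03 +0000] "GET / HTTP/1.1" 200 512 "https://example.com/v1..2/notes" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, ref in suspicious_requests(SAMPLE_LOG):
        print(ip, ref)
```

Only a full `..` path segment is flagged, so a Referer such as `/v1..2/notes` does not produce a false positive.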


How to mitigate CVE-2019-6726

Install updates from vendor's website.
