Lucene search

Gen SatoPATCHSTACK:E36CE350860E7D9A307758A00A95B3F6

HistoryApr 27, 2021 - 12:00 a.m.

WordPress WP Fastest Cache plugin <= 0.9.1.6 - Authenticated Arbitrary File Deletion via Path Traversal vulnerability

2021-04-2700:00:00

Gen Sato

patchstack.com

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

5.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:P/A:P

JSON

Authenticated Arbitrary File Deletion via Path Traversal vulnerability discovered by Gen Sato in WordPress WP Fastest Cache plugin (versions <= 0.9.1.6).

Solution

           Update the WordPress WP Fastest Cache plugin to the latest available version (at least 0.9.1.7).

CPENameOperatorVersion
wp fastest cachele0.9.1.6

CPE	Name	Operator	Version
	wp fastest cache	le	0.9.1.6

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20714

jvn.jp/en/jp/JVN35240327/

wordpress.org/plugins/wp-fastest-cache/#developers

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

5.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:P/A:P

JSON

Related for PATCHSTACK:E36CE350860E7D9A307758A00A95B3F6