CVE-2020-36836

HIGH

8.0

Description

The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized arbitrary file deletion in versions up to, and including, 0.9.0.2 due to a lack of capability checking and insufficient path validation. This makes it possible for authenticated users with minimal permissions to delete arbitrary files from the server.

CVE Details

CVSS v3.1 Score8.0

SeverityHIGH

CVSS VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Attack VectorNETWORK

ComplexityLOW

Privileges RequiredLOW

User InteractionREQUIRED

Published10/16/2024

Last Modified4/8/2026

Sourcenvd

Honeypot Sightings0

Affected Products

wpfastestcache:wp_fastest_cache

Weaknesses (CWE)

CWE-352CWE-22

References

https://plugins.trac.wordpress.org/changeset/2235160/wp-fastest-cache(security@wordfence.com)

https://wearetradecraft.com/advisories/tc-2020-0001/(security@wordfence.com)

https://www.wordfence.com/threat-intel/vulnerabilities/id/82f80916-37ab-4c5a-9787-2544c620acac?source=cve(security@wordfence.com)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.