CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-20714 – WP Fastest Cache <= 0.9.1.6 - Authenticated (Admin+) Directory Traversal to Arbitrary File Deletion
https://notcve.org/view.php?id=CVE-2021-20714
27 Apr 2021 — Directory traversal vulnerability in WP Fastest Cache versions prior to 0.9.1.7 allows a remote attacker with administrator privileges to delete arbitrary files on the server via unspecified vectors. La vulnerabilidad de salto de directorio en WP Fastest Cache versiones anteriores a 0.9.1.7 permite a un atacante remoto con privilegios de administrador eliminar archivos arbitrarios en el servidor por medio de vectores no especificados • https://jvn.jp/en/jp/JVN35240327/index.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-36836 – WP Fastest Cache <= 0.9.0.2 - Authenticated (Subscriber+) Arbitrary File Deletion
https://notcve.org/view.php?id=CVE-2020-36836
05 Feb 2020 — The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized arbitrary file deletion in versions up to, and including, 0.9.0.2 due to a lack of capability checking and insufficient path validation. This makes it possible for authenticated users with minimal permissions to delete arbitrary files from the server. • https://www.wordfence.com/threat-intel/vulnerabilities/id/82f80916-37ab-4c5a-9787-2544c620acac?source=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-13635 – WP Fastest Cache <= 0.8.9.5 - Directory Traversal
https://notcve.org/view.php?id=CVE-2019-13635
28 Jul 2019 — The WP Fastest Cache plugin through 0.8.9.5 for WordPress allows wpFastestCache.php and inc/cache.php Directory Traversal. El plugin WP Fastest Cache hasta versión 0.8.9.5 para WordPress, permite un Salto de Directorio de los archivos wpFastestCache.php e inc/cache.php. WordPress WP Fastest Cache plugin versions 0.8.9.5 and below suffer from a directory traversal vulnerability. • http://packetstormsecurity.com/files/153821/WordPress-WP-Fastest-Cache-0.8.9.5-Directory-Traversal.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.5EPSS: 1%CPEs: 1EXPL: 1CVE-2019-6726 – WP Fastest Cache <= 0.8.9.0 - Directory Traversal to Arbitrary File Deletion
https://notcve.org/view.php?id=CVE-2019-6726
11 Mar 2019 — The WP Fastest Cache plugin through 0.8.9.0 for WordPress allows remote attackers to delete arbitrary files because wp_postratings_clear_fastest_cache and rm_folder_recursively in wpFastestCache.php mishandle ../ in an HTTP Referer header. El plugin WP Fastest Cache hasta la versión 0.8.9.0 para WordPress, permite a los atacantes remotos eliminar archivos arbitrarios debido a las funciones wp_postratings_clear_fastest_cache y rm_folder_recursively en el archivo wpFastestCache.php manejan inapropiadamente ..... • https://packetstormsecurity.com/files/152042 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2018-17583 – WP Fastest Cache <= 0.8.8.5 - Cross-Site Scripting via the rules[0][content] parameter in a wpfc_save_exclude_pages action
https://notcve.org/view.php?id=CVE-2018-17583
09 Oct 2018 — The WP Fastest Cache plugin 0.8.8.5 for WordPress has XSS via the rules[0][content] parameter in a wpfc_save_exclude_pages action. El plugin WP Fastest Cache versión 0.8.8.5 para WordPress es vulnerable a un XSS a través del parámetro rules[0][content] en una acción wpfc_save_exclude_pages. • https://ansawaf.blogspot.com/2019/04/csrf-multiple-stored-xss-in-wp-fastest.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-17584 – WP Fastest Cache <= 0.8.8.5 - Cross-Site Request Forgery via page to wpfastestcacheoptions
https://notcve.org/view.php?id=CVE-2018-17584
09 Oct 2018 — The WP Fastest Cache plugin 0.8.8.5 for WordPress has CSRF via the wp-admin/admin.php wpfastestcacheoptions page. El plugin WP Fastest Cache versión 0.8.8.5 para WordPress es vulnerable a un CSRF a través de la página wp-admin/admin.php wpfastestcacheoptions. • https://ansawaf.blogspot.com/2019/04/csrf-multiple-stored-xss-in-wp-fastest.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2018-17585 – WP Fastest Cache <= 0.8.8.5 - Cross-Site Scripting via wpFastestCachePage options, wpFastestCachePreload_number or wpFastestCacheLanguage parameter
https://notcve.org/view.php?id=CVE-2018-17585
09 Oct 2018 — The WP Fastest Cache plugin 0.8.8.5 for WordPress has XSS via the wpfastestcacheoptions wpFastestCachePreload_number or wpFastestCacheLanguage parameter. El plugin WP Fastest Cache versión 0.8.8.5 para WordPress es vulnerable a un XSS a través del parámetro wpfastestcacheoptions, wpFastestCachePreload_number o wpFastestCacheLanguage. • https://ansawaf.blogspot.com/2019/04/csrf-multiple-stored-xss-in-wp-fastest.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2018-17586 – WP Fastest Cache <= 0.8.8.5 - Cross-Site Scripting via rules[0][content] parameter
https://notcve.org/view.php?id=CVE-2018-17586
09 Oct 2018 — The WP Fastest Cache plugin 0.8.8.5 for WordPress has XSS via the rules[0][content] parameter in a wpfc_save_timeout_pages action. El plugin WP Fastest Cache versión 0.8.8.5 para WordPress es vulnerable a un XSS a través del parámetro rules[0][content] en una acción wpfc_save_timeout_pages. • https://ansawaf.blogspot.com/2019/04/csrf-multiple-stored-xss-in-wp-fastest.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •