CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4347 – WP Fastest Cache <= 1.2.6 - Authenticated (Administrator+) Arbitrary File Deletion
https://notcve.org/view.php?id=CVE-2024-4347
10 May 2024 — The WP Fastest Cache plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.2.6 via the specificDeleteCache function. This makes it possible for authenticated attackers to delete arbitrary files on the server, which can include wp-config.php files of the affected site or other sites in a shared hosting environment. El complemento WP Fastest Cache para WordPress es vulnerable a Directory Traversal en todas las versiones hasta la 1.2.6 incluida a través de la función... • https://plugins.trac.wordpress.org/browser/wp-fastest-cache/trunk/wpFastestCache.php#L1342 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-36836 – WP Fastest Cache <= 0.9.0.2 - Authenticated (Subscriber+) Arbitrary File Deletion
https://notcve.org/view.php?id=CVE-2020-36836
05 Feb 2020 — The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized arbitrary file deletion in versions up to, and including, 0.9.0.2 due to a lack of capability checking and insufficient path validation. This makes it possible for authenticated users with minimal permissions to delete arbitrary files from the server. • https://www.wordfence.com/threat-intel/vulnerabilities/id/82f80916-37ab-4c5a-9787-2544c620acac?source=cve • CWE-352: Cross-Site Request Forgery (CSRF) •