Vulnerability Description
The WP Fastest Cache plugin through 0.8.9.0 for WordPress allows remote attackers to delete arbitrary files because wp_postratings_clear_fastest_cache and rm_folder_recursively in wpFastestCache.php mishandle ../ in an HTTP Referer header.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wpfastestcache | Wp Fastest Cache | <= 0.8.9.0 |
Related Weaknesses (CWE)
References
- https://packetstormsecurity.com/files/152042ExploitThird Party AdvisoryVDB Entry
- https://plugins.trac.wordpress.org/browser/wp-fastest-cache/trunk/wpFastestCacheThird Party Advisory
- https://wordpress.org/plugins/wp-fastest-cache/Product
- https://wordpress.org/plugins/wp-fastest-cache/#developersRelease Notes
- https://www.wpfastestcache.com/Product
- https://packetstormsecurity.com/files/152042ExploitThird Party AdvisoryVDB Entry
- https://plugins.trac.wordpress.org/browser/wp-fastest-cache/trunk/wpFastestCacheThird Party Advisory
- https://wordpress.org/plugins/wp-fastest-cache/Product
- https://wordpress.org/plugins/wp-fastest-cache/#developersRelease Notes
- https://www.wpfastestcache.com/Product
FAQ
What is CVE-2019-6726?
CVE-2019-6726 is a vulnerability with a CVSS score of 6.5 (MEDIUM). The WP Fastest Cache plugin through 0.8.9.0 for WordPress allows remote attackers to delete arbitrary files because wp_postratings_clear_fastest_cache and rm_folder_recursively in wpFastestCache.php m...
How severe is CVE-2019-6726?
CVE-2019-6726 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-6726?
Check the references section above for vendor advisories and patch information. Affected products include: Wpfastestcache Wp Fastest Cache.