WordPress Plugin Vulnerabilities

WP Fastest Cache < 0.9.1.7 - Authenticated Arbitrary File Deletion via Path Traversal

Description

The plugin did not validate a path parameter, allowing administrators to delete arbitrary files on the server via a path traversal attack

Affects Plugins

Plugin icon
wp-fastest-cache
Fixed in 0.9.1.7

References

CVE
CVE-2021-20714
URL
https://jvn.jp/en/jp/JVN35240327/

Classification

Type
TRAVERSAL
OWASP top 10
A1: Injection
CWE
CWE-22
CVSS
3.8 (low)

Miscellaneous

Original Researcher
Gen Sato of Mitsui Bussan Secure Direction
Verified
Yes
WPVDB ID
23e27365-9374-4f69-a05c-084e5c9aa097

Timeline

Publicly Published
2021-04-27 (about 3 years ago)
Added
2021-04-27 (about 3 years ago)
Last Updated
2021-04-29 (about 3 years ago)

Other

Published
Title
Published
2021-10-29
Title
Download Monitor < 4.4.7 - Admin+ Arbitrary File Download
Published
2023-05-15
Title
Snow Monkey Forms < 5.0.7 - Unauthenticated Path Traversal
Published
2022-10-28
Title
Ultimate Member < 2.5.1 - Admin+ RCE
Published
2022-04-28
Title
All-in-One WP Migration < 7.59 - Admin+ File Deletion on Windows Hosts via Path Traversal
Published
2021-12-14
Title
True Ranker < 2.2.4 - Unauthenticated Arbitrary File Access via Path Traversal