WP Fastest Cache < 0.9.1.7 - Authenticated Arbitrary File Deletion via Path Traversal
Description
The plugin did not validate a path parameter, allowing administrators to delete arbitrary files on the server via a path traversal attack
Affects Plugins
Fixed in version 0.9.1.7✓
References
Classification
Miscellaneous
Original Researcher
Gen Sato of Mitsui Bussan Secure Direction
Verified
Yes
Timeline
Publicly Published
2021-04-27 (about 2 months ago)
Added
2021-04-27 (about 2 months ago)
Last Updated
2021-04-29 (about 2 months ago)