CVE-2019-6726

MEDIUM

WP Fastest Cache < 0.8.9.0 - Unauthenticated Arbitrary File Deletion via HTTP Referer Header

Title source: llm
STIX 2.1

Description

The WP Fastest Cache plugin through 0.8.9.0 for WordPress allows remote attackers to delete arbitrary files because wp_postratings_clear_fastest_cache and rm_folder_recursively in wpFastestCache.php mishandle ../ in an HTTP Referer header.

References (5)

Core 5
Core References
Product x_refsource_misc
https://www.wpfastestcache.com/
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
https://packetstormsecurity.com/files/152042

Scores

CVSS v3 6.5
EPSS 0.0435
EPSS Percentile 90.0%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L

Details

CWE
CWE-22
Status published
Products (1)
wpfastestcache/wp_fastest_cache < 0.8.9.0
Published Jul 29, 2019
Tracked Since Feb 18, 2026