CVE-2020-36836

HIGH EXPLOITED NUCLEI

WP Fastest Cache <0.9.0.2 - Privilege Escalation

Title source: llm

Exploitation Summary

CVE-2020-36836 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including halilkirazkaya. A Nuclei detection template is also available.

AI-analyzed exploit summary: The repository contains functional exploit code for CVE-2020-36836, demonstrating an unauthorized arbitrary file deletion vulnerability in the WP Fastest Cache plugin for WordPress. The PoC includes a crafted HTTP request to exploit the vulnerability.

Description

The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized arbitrary file deletion in versions up to, and including, 0.9.0.2 due to a lack of capability checking and insufficient path validation. This makes it possible for authenticated users with minimal permissions to delete arbitrary files from the server.

Exploits (1)

github WORKING POC 4 stars
by halilkirazkaya · poc
https://github.com/halilkirazkaya/cve-poc-garage/tree/main/2020/CVE-2020-36836.md

Classification: Working PoC 95%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: WP Fastest Cache plugin for WordPress (versions up to and including 0.9.0.2)
No auth needed
Prerequisites: Access to the target WordPress site with the vulnerable plugin installed
devstral-2 · analyzed Feb 27, 2026

Nuclei Templates (1)

WordPress WP Fastest Cache <= 0.9.0.2 - Authenticated Arbitrary File Deletion
HIGH · VERIFIED · by melmathari
Shodan: http.html:/wp-content/plugins/wp-fastest-cache/
FOFA: body=/wp-content/plugins/wp-fastest-cache/

Scores

CVSS v3 8.0
EPSS 0.0137
EPSS Percentile 68.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

VulnCheck KEV 2024-10-15
CWE: CWE-22, CWE-352
Status published
Products (2)
emrevona/WP Fastest Cache – WordPress Cache Plugin < 0.9.0.3
wpfastestcache/wp_fastest_cache < 0.9.0.3
Published Oct 16, 2024
Tracked Since Feb 18, 2026