CVE-2020-36836

HIGH EXPLOITED NUCLEI

WP Fastest Cache <0.9.0.2 - Privilege Escalation

Title source: llm

Description

The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized arbitrary file deletion in versions up to, and including, 0.9.0.2 due to a lack of capability checking and insufficient path validation. This makes it possible for authenticated users with minimal permissions to delete arbitrary files from the server.

Exploits (1)

github WORKING POC 4 stars
by halilkirazkaya · poc
https://github.com/halilkirazkaya/cve-poc-garage/tree/main/2020/CVE-2020-36836.md

Nuclei Templates (1)

WordPress WP Fastest Cache <= 0.9.0.2 - Authenticated Arbitrary File Deletion
HIGH VERIFIED by melmathari
Shodan: http.html:/wp-content/plugins/wp-fastest-cache/
FOFA: body=/wp-content/plugins/wp-fastest-cache/

Scores

CVSS v3 8.0
EPSS 0.3736
EPSS Percentile 97.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2024-10-15
CWE CWE-22, CWE-352
Status published
Products (2)
emrevona/WP Fastest Cache – WordPress Cache Plugin < 0.9.0.3
wpfastestcache/wp_fastest_cache < 0.9.0.3
Published Oct 16, 2024
Tracked Since Feb 18, 2026