ГлавнаяУязвимости → CVE-2020-36836
8высокая

CVE-2020-36836

Описание

The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized arbitrary file deletion in versions up to, and including, 0.9.0.2 due to a lack of capability checking and insufficient path validation. This makes it possible for authenticated users with minimal permissions to delete arbitrary files from the server.

Затрагиваемое ПО
Wpfastestcache Wp fastest cache
CVSS
Балл8 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Источники
https://plugins.trac.wordpress.org/changeset/2235160/wp-fastest-cachehttps://wearetradecraft.com/advisories/tc-2020-0001/https://www.wordfence.com/threat-intel/vulnerabilities/id/82f80916-37ab-4c5a-9787-2544c620acac?source=cve