Arbitrary Directory Deletion in WP-Fastest-Cache

The WP-Fastest-Cache plugin authors released a new update, version 0.8.9.1, fixing a vulnerability (CVE-2019-6726) present during its install alongside the WP-PostRatings plugin. According to seclists.org:

“A successful attack allows an unauthenticated attacker to specify a path to a directory from which files and
directories will be deleted recursively. The vulnerable code path extracts the path portion of the referrer header and
then uses string concatenation to build an absolute path.

Continue reading Arbitrary Directory Deletion in WP-Fastest-Cache at Sucuri Blog.

Read more: Arbitrary Directory Deletion in WP-Fastest-Cache

Story added 18. March 2019, content source with full text you can find at link above.

Comments are closed.

More antivirus and malware news?

2017 Antivirus News | Powered by WordPress | Fluxipress Theme | Show My IP Address, check blacklists | Free Favicon, Android and Apple Icon Generator | Bitcoin and Crypto Currency News