S4E

CVE-2020-36836 Scanner

CVE-2020-36836 Scanner - Arbitrary File Deletion vulnerability in WordPress WP Fastest Cache

Short Info

Level: High
Scan type: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 17 days 23 hours
Scan only one: Domain, Subdomain, IPv4

The WP Fastest Cache plugin is a popular caching solution used by WordPress website administrators to enhance the speed and performance of their sites. It is widely utilized due to its simplicity and effectiveness in reducing server load and improving user experience. The plugin is developed to automatically generate static HTML files from dynamic WordPress content. Site managers and developers often rely on it to decrease loading times for visitors, especially for high-traffic websites. By leveraging caching mechanisms, this plugin helps in decreasing the time to deliver pages to users, which can be critical in maintaining user engagement and search engine optimization. It's a favored choice for WordPress users aiming for an easy-to-manage performance upgrade solution.

The Arbitrary File Deletion vulnerability in the WP Fastest Cache plugin allows authenticated users with minimal permissions to delete files on the server without proper authorization checks. The flaw stems from inadequate capability checking and insufficient path validation in the plugin's code. As a result, malicious users could exploit it to affect server functionality or erase crucial site files. The vulnerability has been identified in versions up to 0.9.0.2. Organizations using this plugin should be aware of the issue and apply the necessary updates to mitigate the associated risks. The impact can be severe and can disrupt website operations.

Technically, the flaw combines a lack of proper validation of user capabilities with missing path traversal checks in the WP Fastest Cache plugin. The vulnerable parameter is handled by the 'wpfc_delete_current_page_cache' action, which is reached through the 'admin-ajax.php' endpoint. Exploitation requires an authenticated user session, but the attacker does not need privileges beyond basic user-level access. By manipulating requests, attackers can direct the plugin to delete arbitrary files on the server, which can impede the safe running of applications hosted there. The parameter handling does not adequately restrict the action to authorized users, which is what permits the abuse.
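An added example, not part of the original page or the plugin's code: a log triage script that finds requests invoking the action named above in Combined Log Format access logs and raises the severity when a query value contains a `..` path segment. The sample log lines, the IP addresses and the parameter name `p` are constructed placeholders; parameters sent in a POST body do not appear in access logs, so those hits are only marked for review.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Endpoint and action name come from the description above.
ENDPOINT = "/wp-admin/admin-ajax.php"
ACTION = "wpfc_delete_current_page_cache"

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample lines (documentation IPs, placeholder parameter name "p").
SAMPLE = [
    '203.0.113.7 - - [10/Oct/2020:13:55:36 +0000] "GET /wp-admin/admin-ajax.php?action=wpfc_delete_current_page_cache&p=..%252f..%252fexample.txt HTTP/1.1" 200 12',
    '198.51.100.4 - - [10/Oct/2020:13:56:01 +0000] "POST /wp-admin/admin-ajax.php?action=wpfc_delete_current_page_cache HTTP/1.1" 200 12',
    '198.51.100.4 - - [10/Oct/2020:13:57:12 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 40',
]

def has_traversal(value):
    """True if a '..' path segment remains after unwrapping percent-encoding."""
    for _ in range(3):  # unwrap up to three layers of encoding
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return ".." in re.split(r"[\\/]", value)

def triage(lines):
    """Return one finding per request that invokes the cache-deletion action."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        params = parse_qsl(url.query, keep_blank_values=True)
        if not url.path.endswith(ENDPOINT) or ("action", ACTION) not in params:
            continue
        suspicious = any(has_traversal(v) for k, v in params if k != "action")
        findings.append({"ip": m["ip"], "time": m["time"], "status": int(m["status"]),
                         "severity": "high" if suspicious else "review"})
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

Correlate each finding with the account that held the session at that time and with missing files on disk before treating it as confirmed.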

The possible effects of this vulnerability are varied and serious: malicious users can remove vital system files, potentially leading to partial or full denial of service. Deleting critical files can also cause prolonged downtime and require restoration from backups. The business impact can be significant, including loss of revenue for e-commerce sites and reputational damage. If attackers delete index or configuration files, sensitive data can also be exposed because configuration is reset or security rules are no longer executed. Recovering from such incidents typically requires further resources for security audits and the implementation of stricter access controls.
