Arbitrary directory deletion vulnerability in WP Fastest Cache plugin patched
- The vulnerability CVE-2019-6726 is present during the installation alongside the WP PostRatings plugin.
- The flaw can lead to data loss and a potential DoS attack against vulnerable websites.
The WP Fastest Cache plugin authors have released an update to fix a vulnerability in the plugin. The vulnerability in question is CVE-2019-6726, present during the installation alongside the WP PostRatings plugin.
What is the flaw - According to seclists.org, the flaw can enable an unauthenticated attacker to create a path directory from which files and directories are to be deleted. It can lead to data loss and a potential DoS attack against vulnerable websites.
“A successful attack allows an unauthenticated attacker to specify a path to a directory from which files and directories will be deleted recursively. The vulnerable code path extracts the path portion of the referrer header and then uses string concatenation to build an absolute path. This path is then passed to the 'rm_folder_recursively' function which deletes folders and their files in a recursive manner,” seclists.org wrote in its report.
What is its impact - In detailed research, Sebastian Neef, a zero-day vulnerability explorer, reported that the flaw may have affected close to 10,000 websites. While WP-Fastest-Cache has over 900,000 installs, WP-PostRatings plugin has around 100,000 installs.
An attacker can leverage the flaw to delete files from directories.
Sucuri researchers noted that WP PostRatings is not vulnerable by itself. Its presence is just a condition for the exploit to work. The vulnerability can not be exploited if the plugin is not installed.
What can be done about it - Users using WP Fastest Cache plugin are urged to update it to the latest version 0.8.9.1 as soon as possible. Webmasters are advised to use only the required few plugins and keep them all updated.