Arbitrary Directory Deletion in WP-Fastest-Cache

Arbitrary Directory Deletion in WP-Fastest-CacheThe WP-Fastest-Cache plugin authors released a new update, version 0.8.9.1, fixing a vulnerability (CVE-2019-6726) present during its install alongside the WP-PostRatings plugin. According to seclists.org:

“A successful attack allows an unauthenticated attacker to specify a path to a directory from which files and
directories will be deleted recursively. The vulnerable code path extracts the path portion of the referrer header and
then uses string concatenation to build an absolute path.

Continue reading Arbitrary Directory Deletion in WP-Fastest-Cache at Sucuri Blog.

Source: Scuri check