This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Wpfastestcache First view 2019-04-15
Product Wp Fastest Cache Last view 2019-07-30
Version 0.8.8.5 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software wordpress  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:wpfastestcache:wp_fastest_cache

Activity : Overall

Related : CVE

  Date Alert Description
9.1 2019-07-30 CVE-2019-13635

The WP Fastest Cache plugin through 0.8.9.5 for WordPress allows wpFastestCache.php and inc/cache.php Directory Traversal.

6.5 2019-07-29 CVE-2019-6726

The WP Fastest Cache plugin through 0.8.9.0 for WordPress allows remote attackers to delete arbitrary files because wp_postratings_clear_fastest_cache and rm_folder_recursively in wpFastestCache.php mishandle ../ in an HTTP Referer header.

6.1 2019-04-15 CVE-2018-17586

The WP Fastest Cache plugin 0.8.8.5 for WordPress has XSS via the rules[0][content] parameter in a wpfc_save_timeout_pages action.

6.1 2019-04-15 CVE-2018-17585

The WP Fastest Cache plugin 0.8.8.5 for WordPress has XSS via the wpfastestcacheoptions wpFastestCachePreload_number or wpFastestCacheLanguage parameter.

8.8 2019-04-15 CVE-2018-17584

The WP Fastest Cache plugin 0.8.8.5 for WordPress has CSRF via the wp-admin/admin.php wpfastestcacheoptions page.

6.1 2019-04-15 CVE-2018-17583

The WP Fastest Cache plugin 0.8.8.5 for WordPress has XSS via the rules[0][content] parameter in a wpfc_save_exclude_pages action.

CWE : Common Weakness Enumeration

%idName
50% (3) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
16% (1) CWE-352 Cross-Site Request Forgery (CSRF)
16% (1) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...
16% (1) CWE-20 Improper Input Validation