High severity8.0NVD Advisory· Published Oct 16, 2024· Updated Apr 8, 2026

CVE-2020-36836

Description

The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized arbitrary file deletion in versions up to, and including, 0.9.0.2 due to a lack of capability checking and insufficient path validation. This makes it possible for authenticated users with minimal permissions to delete arbitrary files from the server.

Affected products

Wpfastestcache/Wp Fastest Cache
cpe:2.3:a:wpfastestcache:wp_fastest_cache:*:*:*:*:*:wordpress:*:*
Range: <0.9.0.3

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

plugins.trac.wordpress.org/changeset/2235160/wp-fastest-cachenvdPatch
wearetradecraft.com/advisories/tc-2020-0001/nvdExploitThird Party Advisory
www.wordfence.com/threat-intel/vulnerabilities/id/82f80916-37ab-4c5a-9787-2544c620acacnvdThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.520
epss	0.035
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000