Platform
wordpress
Component
wp-fastest-cache
Fixed in
1.2.7
CVE-2024-4347 is an Arbitrary File Access vulnerability affecting the WP Fastest Cache plugin for WordPress. This vulnerability allows authenticated attackers to delete arbitrary files on the server, potentially leading to complete site compromise or impacting other sites on shared hosting environments. The vulnerability impacts versions of WP Fastest Cache up to and including 1.2.6. A patch is available; upgrade to a fixed version to remediate the issue.
The primary impact of CVE-2024-4347 is the ability for an authenticated attacker to delete arbitrary files on the web server. This includes critical configuration files like wp-config.php, which contains database credentials and other sensitive settings. Successful exploitation could lead to complete site compromise, data exfiltration, and denial of service. In shared hosting environments, the vulnerability could potentially allow an attacker to impact other websites hosted on the same server by deleting their configuration files. Because exploitation requires only an authenticated account, the potential for widespread impact is increased.
CVE-2024-4347 was publicly disclosed on May 23, 2024. There is currently no indication of active exploitation campaigns. No Proof of Concept (PoC) code has been publicly released as of this writing. The vulnerability has not been added to the CISA KEV catalog. The CVSS score of 7.2 (HIGH) indicates a significant potential for exploitation if left unaddressed.
WordPress websites using the WP Fastest Cache plugin, particularly those hosted on shared hosting environments, are at risk. Sites with weak user authentication or those that haven't implemented proper access controls are especially vulnerable. Legacy WordPress installations with outdated plugins are also at increased risk.
• wordpress / composer / npm: `wp plugin list | grep "WP Fastest Cache"`
• wordpress / composer / npm: `wp plugin update --all`
• wordpress / composer / npm: `grep -r "specificDeleteCache" /var/www/html/wp-content/plugins/wp-fastest-cache/`
• generic web: Check the WordPress plugin directory for updates and security advisories related to WP Fastest Cache.
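As an added example (not from the original advisory or from the WP Fastest Cache project), the following Python check reads the JSON output of WP-CLI's `wp plugin list --format=json` and flags any WP Fastest Cache install below the fixed release 1.2.7; the sample JSON embedded below is constructed, not real output.

```python
"""Flag vulnerable WP Fastest Cache installs from `wp plugin list --format=json` output.

Added example for this advisory, not part of the original page. It assumes
WP-CLI's JSON list format and uses the advisory's boundary: versions up to and
including 1.2.6 are affected, 1.2.7 is the fixed release.
"""
import json
from typing import List, Tuple

PLUGIN_SLUG = "wp-fastest-cache"
FIXED_VERSION = "1.2.7"  # "Fixed in" value from the advisory


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '1.2.6' into (1, 2, 6). Leading digits of each dot-separated piece
    are kept ('6-beta' -> 6); parsing stops at the first piece with no digits."""
    parts = []
    for piece in v.strip().split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        if not digits:
            break
        parts.append(int(digits))
    return tuple(parts)


def is_vulnerable(version: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the installed version predates the fixed release.
    An empty or unparsable version compares as () and is treated as vulnerable."""
    return parse_version(version) < parse_version(fixed)


def find_affected(plugin_list_json: str) -> List[str]:
    """Return one finding per affected WP Fastest Cache entry in WP-CLI JSON output.
    Inactive copies are reported too: the vulnerable code is still on disk."""
    findings = []
    for plugin in json.loads(plugin_list_json):
        if plugin.get("name") != PLUGIN_SLUG:
            continue
        version = plugin.get("version", "")
        if is_vulnerable(version):
            findings.append(f"{PLUGIN_SLUG} {version} ({plugin.get('status')}): "
                            f"affected by CVE-2024-4347, upgrade to >= {FIXED_VERSION}")
    return findings


# Constructed sample of what `wp plugin list --format=json` returns (not real output).
SAMPLE_WP_CLI_JSON = json.dumps([
    {"name": "akismet", "status": "active", "update": "none", "version": "5.3"},
    {"name": "wp-fastest-cache", "status": "active", "update": "available", "version": "1.2.6"},
])

if __name__ == "__main__":
    # Live use: feed the output of `wp plugin list --format=json --path=/var/www/html`
    for finding in find_affected(SAMPLE_WP_CLI_JSON):
        print(finding)
```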
disclosure
Exploit status
EPSS
5.50% (90th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2024-4347 is to upgrade the WP Fastest Cache plugin to a version that addresses the vulnerability. The vendor has not released a specific fixed version in the provided data, so check the WP Fastest Cache website for the latest release. As a temporary workaround, restrict file permissions on the server to prevent unauthorized file deletion. Consider implementing a Web Application Firewall (WAF) with rules to block suspicious file deletion attempts targeting the specificDeleteCache function. Regularly review server logs for any unusual file access or deletion activity.
Update the WP Fastest Cache plugin to the latest available version. The vulnerability that allows arbitrary file deletion has been fixed in versions later than 1.2.6.
CVE-2024-4347 is a vulnerability in WP Fastest Cache versions up to 1.2.6 that allows authenticated attackers to delete arbitrary files on the server, potentially compromising the site or shared hosting environment.
You are affected if you are using WP Fastest Cache version 1.2.6 or earlier. Check your plugin version and upgrade immediately if necessary.
Upgrade the WP Fastest Cache plugin to a version newer than 1.2.6. If upgrading is not immediately possible, implement temporary mitigations like restricting file access permissions and using a WAF.
There is currently no confirmed active exploitation, but the vulnerability's ease of exploitation makes it a potential target.
Refer to the WP Fastest Cache official website and WordPress plugin directory for the latest security advisories and updates.