Login Sign Up

CVE-2020-36836

8.8 HIGH

📋 TL;DR

The WP Fastest Cache WordPress plugin allows authenticated users with minimal permissions to delete arbitrary files from the server due to missing capability checks and insufficient path validation. This affects all WordPress sites running WP Fastest Cache version 0.9.0.2 or earlier. Attackers could delete critical system files, leading to site disruption or complete compromise.

💻 Affected Systems

Products:
  • WP Fastest Cache WordPress Plugin
Versions: All versions up to and including 0.9.0.2
Operating Systems: All operating systems running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires WordPress installation with WP Fastest Cache plugin enabled. Any authenticated user (including subscribers) can exploit this vulnerability.

📦 What is this software?

Wp Fastest Cache by Wpfastestcache

View all CVEs affecting Wp Fastest Cache →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attacker deletes critical system files (wp-config.php, .htaccess, etc.), causing complete site destruction, data loss, and potential privilege escalation to full server compromise.

🟠

Likely Case

Attacker deletes WordPress core files or plugin files, causing site malfunction, defacement, or denial of service.

🟢

If Mitigated

With proper access controls and file permissions, impact limited to files within web-accessible directories, still causing site disruption.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access to WordPress. Public proof-of-concept code exists and has been weaponized in attacks.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.9.0.3 and later

Vendor Advisory: https://plugins.trac.wordpress.org/changeset/2235160/wp-fastest-cache

Restart Required: No

Instructions:

1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find WP Fastest Cache and click 'Update Now'. 4. Verify version is 0.9.0.3 or higher.

🔧 Temporary Workarounds

Disable WP Fastest Cache Plugin

all

Temporarily disable the vulnerable plugin until patched

wp plugin deactivate wp-fastest-cache

Restrict File Permissions

linux

Set restrictive permissions on critical WordPress files

chmod 644 wp-config.php
chmod 644 .htaccess

🧯 If You Can't Patch

  • Remove all non-essential user accounts and implement strong password policies
  • Implement web application firewall (WAF) rules to block file deletion requests to the vulnerable endpoint

🔍 How to Verify

Check if Vulnerable:

Check WP Fastest Cache version in WordPress admin panel under Plugins → Installed Plugins

Check Version:

wp plugin get wp-fastest-cache --field=version

Verify Fix Applied:

Verify WP Fastest Cache version is 0.9.0.3 or higher after update

📡 Detection & Monitoring

Log Indicators:

  • Unusual file deletion events in web server logs
  • POST requests to /wp-admin/admin-ajax.php with 'action=wpfc_remove_css_and_js_files' parameter

Network Indicators:

  • HTTP POST requests to admin-ajax.php with file deletion parameters from non-admin users

SIEM Query:

source="web_server_logs" AND (uri="/wp-admin/admin-ajax.php" AND method="POST" AND params CONTAINS "wpfc_remove_css_and_js_files")

📊 Metadata

CVE ID: CVE-2020-36836
CVSS v3 Score: 8.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE: CWE-352
Published: October 16, 2024
Last Updated: March 13, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2020-36836, you might also want to check these:

CVE-2025-23922 10.0

A Cross-Site Request Forgery (CSRF) vulnerability in the Harsh iSpring Embedder WordPress plugin all...

Same vulnerability type (CWE-352)
CVE-2020-23426 9.8

CVE-2020-23426 is a privilege escalation vulnerability in zzcms 201910 that allows attackers to gain...

Same vulnerability type (CWE-352)
CVE-2024-33449 9.8

This SSRF vulnerability in PDFMyURL allows attackers to make the service send requests to internal s...

Same vulnerability type (CWE-352)