We disclosed three plugin vulnerabilities yesterday that we’d like to bring to your attention.

Local File Inclusion Vulnerability Severity 4.2 (Medium) and Unauthorized Options Update Vulnerability Severity 4.4 (Medium) in WP Fastest Cache

Wordfence Security Researcher Panagiotis Vagenas discovered both of these vulnerabilities in the WP Fastest Cache plugin, which we reported to the author yesterday.

The Local File Inclusion vulnerability allows an attacker to execute code on the target web server or on a site visitor’s browser. This enables the attacker to steal or manipulate data, perform a denial of service attack or enable additional attack types such as Cross Site Scripting. Wordfence Firewall provided protection against this type of attack prior to discovery.

The Options Update vulnerability allows an attacker to access and make changes to the CDN (Content Delivery Network) options for the website. With this control, an attacker can direct all requests for CSS files, images, videos, etc. to their site, allowing them to serve malicious content to visitors of the vulnerable site.

Local File Inclusion CVSS Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

Options