{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2024-4347", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2024-04-30T13:56:42.871Z", "datePublished": "2024-05-23T05:32:15.439Z", "dateUpdated": "2026-04-08T16:57:17.405Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:57:17.405Z"}, "affected": [{"vendor": "emrevona", "product": "WP Fastest Cache \u2013 WordPress Cache Plugin", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.2.6", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The WP Fastest Cache plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.2.6 via the specificDeleteCache function. This makes it possible for authenticated attackers to delete arbitrary files on the server, which can include wp-config.php files of the affected site or other sites in a shared hosting environment."}], "title": "WP Fastest Cache <= 1.2.6 - Authenticated (Administrator+) Arbitrary File Deletion", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/634d4062-7004-4e89-89a8-323c939aae93?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/wp-fastest-cache/trunk/wpFastestCache.php#L1342"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3089597%40wp-fastest-cache%2Ftrunk&old=3081797%40wp-fastest-cache%2Ftrunk&sfp_email=&sfph_mail=#file1"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "cweId": "CWE-22", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.2, "baseSeverity": "HIGH"}}], "credits": [{"lang": "en", "type": "finder", "value": "Khayal Farzaliyev"}], "timeline": [{"time": "2024-05-10T09:04:32.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-4347", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-23T14:32:47.566445Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:53:52.105Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:40:46.511Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/634d4062-7004-4e89-89a8-323c939aae93?source=cve", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/browser/wp-fastest-cache/trunk/wpFastestCache.php#L1342", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3089597%40wp-fastest-cache%2Ftrunk&old=3081797%40wp-fastest-cache%2Ftrunk&sfp_email=&sfph_mail=#file1", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/634d4062-7004-4e89-89a8-323c939aae93?source=cve", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/browser/wp-fastest-cache/trunk/wpFastestCache.php#L1342", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3089597%40wp-fastest-cache%2Ftrunk&old=3081797%40wp-fastest-cache%2Ftrunk&sfp_email=&sfph_mail=#file1", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:40:46.511Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-4347", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-23T14:32:47.566445Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T14:32:51.978Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "WP Fastest Cache <= 1.2.6 - Authenticated (Administrator+) Arbitrary File Deletion", "credits": [{"lang": "en", "type": "finder", "value": "Khayal Farzaliyev"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 7.2, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "emrevona", "product": "WP Fastest Cache", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "1.2.6"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2024-05-10T09:04:32.000+00:00", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/634d4062-7004-4e89-89a8-323c939aae93?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/wp-fastest-cache/trunk/wpFastestCache.php#L1342"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3089597%40wp-fastest-cache%2Ftrunk&old=3081797%40wp-fastest-cache%2Ftrunk&sfp_email=&sfph_mail=#file1"}], "descriptions": [{"lang": "en", "value": "The WP Fastest Cache plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.2.6 via the specificDeleteCache function. This makes it possible for authenticated attackers to delete arbitrary files on the server, which can include wp-config.php files of the affected site or other sites in a shared hosting environment."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2024-05-23T05:32:15.439Z"}}}, "cveMetadata": {"cveId": "CVE-2024-4347", "state": "PUBLISHED", "dateUpdated": "2024-08-01T20:40:46.511Z", "dateReserved": "2024-04-30T13:56:42.871Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2024-05-23T05:32:15.439Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The WP Fastest Cache plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.2.6 via the specificDeleteCache function. This makes it possible for authenticated attackers to delete arbitrary files on the server, which can include wp-config.php files of the affected site or other sites in a shared hosting environment."}, {"lang": "es", "value": "El complemento WP Fastest Cache para WordPress es vulnerable a Directory Traversal en todas las versiones hasta la 1.2.6 incluida a trav\u00e9s de la funci\u00f3n espec\u00edficaDeleteCache. Esto hace posible que atacantes autenticados eliminen archivos arbitrarios en el servidor, que pueden incluir archivos wp-config.php del sitio afectado u otros sitios en un entorno de alojamiento compartido."}], "id": "CVE-2024-4347", "lastModified": "2026-04-08T18:21:46.390", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2024-05-23T06:15:11.190", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/wp-fastest-cache/trunk/wpFastestCache.php#L1342"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3089597%40wp-fastest-cache%2Ftrunk&old=3081797%40wp-fastest-cache%2Ftrunk&sfp_email=&sfph_mail=#file1"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/634d4062-7004-4e89-89a8-323c939aae93?source=cve"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://plugins.trac.wordpress.org/browser/wp-fastest-cache/trunk/wpFastestCache.php#L1342"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3089597%40wp-fastest-cache%2Ftrunk&old=3081797%40wp-fastest-cache%2Ftrunk&sfp_email=&sfph_mail=#file1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/634d4062-7004-4e89-89a8-323c939aae93?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "security@wordfence.com", "type": "Primary"}]}

{}

{"created": "2025-07-13T11:06:24.558025+00:00", "updated": "2025-07-13T11:06:24.558124+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress"]}