{"api_version":"1","generated_at":"2026-04-23T00:59:40+00:00","cve":"CVE-2024-4347","urls":{"html":"https://cve.report/CVE-2024-4347","api":"https://cve.report/api/cve/CVE-2024-4347.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2024-4347","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2024-4347"},"summary":{"title":"WP Fastest Cache <= 1.2.6 - Authenticated (Administrator+) Arbitrary File Deletion","description":"The WP Fastest Cache plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.2.6 via the specificDeleteCache function. This makes it possible for authenticated attackers to delete arbitrary files on the server, which can include wp-config.php files of the affected site or other sites in a shared hosting environment.","state":"PUBLISHED","assigner":"Wordfence","published_at":"2024-05-23 06:15:11","updated_at":"2026-04-08 18:21:46"},"problem_types":["CWE-22","CWE-22 CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"metrics":[{"version":"3.1","source":"security@wordfence.com","type":"Secondary","score":"7.2","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"3.1","source":"CNA","type":"DECLARED","score":"7.2","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","data":{"baseScore":7.2,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/wp-fastest-cache/trunk/wpFastestCache.php#L1342","name":"https://plugins.trac.wordpress.org/browser/wp-fastest-cache/trunk/wpFastestCache.php#L1342","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3089597%40wp-fastest-cache%2Ftrunk&old=3081797%40wp-fastest-cache%2Ftrunk&sfp_email=&sfph_mail=#file1","name":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3089597%40wp-fastest-cache%2Ftrunk&old=3081797%40wp-fastest-cache%2Ftrunk&sfp_email=&sfph_mail=#file1","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/634d4062-7004-4e89-89a8-323c939aae93?source=cve","name":"https://www.wordfence.com/threat-intel/vulnerabilities/id/634d4062-7004-4e89-89a8-323c939aae93?source=cve","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2024-4347","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-4347","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"emrevona","product":"WP Fastest Cache – WordPress Cache Plugin","version":"affected 1.2.6 semver","platforms":[]}],"timeline":[{"source":"CNA","time":"2024-05-10T09:04:32.000Z","lang":"en","value":"Disclosed"}],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"CNA","value":"Khayal Farzaliyev","lang":"en"}],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2024-4347","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2024-05-23T14:32:47.566445Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2024-06-04T17:53:52.105Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"},{"providerMetadata":{"dateUpdated":"2024-08-01T20:40:46.511Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"tags":["x_transferred"],"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/634d4062-7004-4e89-89a8-323c939aae93?source=cve"},{"tags":["x_transferred"],"url":"https://plugins.trac.wordpress.org/browser/wp-fastest-cache/trunk/wpFastestCache.php#L1342"},{"tags":["x_transferred"],"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3089597%40wp-fastest-cache%2Ftrunk&old=3081797%40wp-fastest-cache%2Ftrunk&sfp_email=&sfph_mail=#file1"}],"title":"CVE Program Container"}],"cna":{"affected":[{"defaultStatus":"unaffected","product":"WP Fastest Cache – WordPress Cache Plugin","vendor":"emrevona","versions":[{"lessThanOrEqual":"1.2.6","status":"affected","version":"0","versionType":"semver"}]}],"credits":[{"lang":"en","type":"finder","value":"Khayal Farzaliyev"}],"descriptions":[{"lang":"en","value":"The WP Fastest Cache plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.2.6 via the specificDeleteCache function. This makes it possible for authenticated attackers to delete arbitrary files on the server, which can include wp-config.php files of the affected site or other sites in a shared hosting environment."}],"metrics":[{"cvssV3_1":{"baseScore":7.2,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-22","description":"CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-04-08T16:57:17.405Z","orgId":"b15e7b5b-3da4-40ae-a43c-f7aa60e62599","shortName":"Wordfence"},"references":[{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/634d4062-7004-4e89-89a8-323c939aae93?source=cve"},{"url":"https://plugins.trac.wordpress.org/browser/wp-fastest-cache/trunk/wpFastestCache.php#L1342"},{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3089597%40wp-fastest-cache%2Ftrunk&old=3081797%40wp-fastest-cache%2Ftrunk&sfp_email=&sfph_mail=#file1"}],"timeline":[{"lang":"en","time":"2024-05-10T09:04:32.000Z","value":"Disclosed"}],"title":"WP Fastest Cache <= 1.2.6 - Authenticated (Administrator+) Arbitrary File Deletion"}},"cveMetadata":{"assignerOrgId":"b15e7b5b-3da4-40ae-a43c-f7aa60e62599","assignerShortName":"Wordfence","cveId":"CVE-2024-4347","datePublished":"2024-05-23T05:32:15.439Z","dateReserved":"2024-04-30T13:56:42.871Z","dateUpdated":"2026-04-08T16:57:17.405Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2024-05-23 06:15:11","lastModifiedDate":"2026-04-08 18:21:46","problem_types":["CWE-22","CWE-22 CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2024","CveId":"4347","Ordinal":"1","Title":"WP Fastest Cache <= 1.2.6 - Authenticated (Administrator+) Arbit","CVE":"CVE-2024-4347","Year":"2024"},"notes":[{"CveYear":"2024","CveId":"4347","Ordinal":"1","NoteData":"The WP Fastest Cache plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.2.6 via the specificDeleteCache function. This makes it possible for authenticated attackers to delete arbitrary files on the server, which can include wp-config.php files of the affected site or other sites in a shared hosting environment.","Type":"Description","Title":"WP Fastest Cache <= 1.2.6 - Authenticated (Administrator+) Arbit"}]}}}