CVE-2021-24209
N/A
N/A
Summary
The WP Super Cache WordPress plugin before 1.7.2 was affected by an authenticated (admin+) RCE in the settings page due to input validation failure and weak $cache_path check in the WP Super Cache Settings -> Cache Location option. Direct access to the wp-cache-config.php file is not prohibited, so this vulnerability can be exploited for a web shell injection.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Unknown | WP Super Cache | 0 < 1.7.2 | affected |
Weaknesses
- CWE-94 Improper Control of Generation of Code ('Code Injection')
ADP Enrichment
CVE Program Container
Additional References
- https://wpscan.com/vulnerability/733d8a02-0d44-4b78-bbb2-37e447acd2f3
- https://plugins.trac.wordpress.org/changeset/2496238/wp-super-cache
References
- https://wpscan.com/vulnerability/733d8a02-0d44-4b78-bbb2-37e447acd2f3
- https://plugins.trac.wordpress.org/changeset/2496238/wp-super-cache
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.