CVE-2021-24430

Summary

The Speed Booster Pack ⚡ PageSpeed Optimization Suite WordPress plugin before 4.2.0 did not validate its caching_exclude_urls and caching_include_query_strings settings before outputting them in a PHP file, which could lead to RCE

Affected Software

VendorProductVersion RangeStatus
UnknownSpeed Booster Pack ⚡ PageSpeed Optimization Suite4.2.0-beta < 4.2.0-beta*affected
UnknownSpeed Booster Pack ⚡ PageSpeed Optimization Suite4.2.0 < 4.2.0affected

Weaknesses

  • CWE-94: CWE-94 Improper Control of Generation of Code ('Code Injection')

ADP Enrichment

CVE Program Container

Additional References

References