CVE-2021-24209

The WP Super Cache WordPress plugin before 1.7.2 was affected by an authenticated (admin+) RCE in the settings page due to input validation failure and weak $cache_path check in the WP Super Cache Settings -> Cache Location option. Direct access to the wp-cache-config.php file is not prohibited, so this vulnerability can be exploited for a web shell injection.
Configurations

Configuration 1 (hide)

cpe:2.3:a:automattic:wp_super_cache:*:*:*:*:*:wordpress:*:*

History

21 Nov 2024, 05:52

Type Values Removed Values Added
References () https://plugins.trac.wordpress.org/changeset/2496238/wp-super-cache - Patch, Third Party Advisory () https://plugins.trac.wordpress.org/changeset/2496238/wp-super-cache - Patch, Third Party Advisory
References () https://wpscan.com/vulnerability/733d8a02-0d44-4b78-bbb2-37e447acd2f3 - Exploit, Third Party Advisory () https://wpscan.com/vulnerability/733d8a02-0d44-4b78-bbb2-37e447acd2f3 - Exploit, Third Party Advisory

07 Nov 2023, 03:31

Type Values Removed Values Added
CWE CWE-94

04 Jul 2023, 08:15

Type Values Removed Values Added
References
  • {'url': 'https://m0ze.ru/vulnerability/[2021-03-13]-[WordPress]-[CWE-94]-WP-Super-Cache-WordPress-Plugin-v1.7.1.txt', 'name': 'https://m0ze.ru/vulnerability/[2021-03-13]-[WordPress]-[CWE-94]-WP-Super-Cache-WordPress-Plugin-v1.7.1.txt', 'tags': ['Exploit', 'Third Party Advisory'], 'refsource': 'MISC'}

30 Jun 2023, 17:43

Type Values Removed Values Added
CWE CWE-20 CWE-94

Information

Published : 2021-04-05 19:15

Updated : 2024-11-21 05:52


NVD link : CVE-2021-24209

Mitre link : CVE-2021-24209

CVE.ORG link : CVE-2021-24209


JSON object : View

Products Affected

automattic

  • wp_super_cache
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')