WordPress Plugin Vulnerabilities

WP Super Cache < 1.7.2 - Authenticated Remote Code Execution (RCE)

Description

The plugin was affected by an authenticated (admin+) RCE in the settings page due to input validation failure and weak $cache_path check in the WP Super Cache Settings -> Cache Location option. Direct access to the wp-cache-config.php file is not prohibited, so this vulnerability can be exploited for a web shell injection.

Another possible attack vector: from XSS (via another plugin affected by XSS) to RCE.

Proof of Concept

Affects Plugins

Plugin icon
wp-super-cache
Fixed in 1.7.2

References

CVE
CVE-2021-24209
Exploitdb
49718
URL
https://m0ze.ru/vulnerability/[2021-03-13]-[WordPress]-[CWE-94]-WP-Super-Cache-WordPress-Plugin-v1.7.1.txt
URL
https://plugins.trac.wordpress.org/changeset/2496238/wp-super-cache

Classification

Type
RCE
OWASP top 10
A1: Injection
CWE
CWE-94
CVSS
7.2 (high)

Miscellaneous

Original Researcher
m0ze
Verified
Yes
WPVDB ID
733d8a02-0d44-4b78-bbb2-37e447acd2f3

Timeline

Publicly Published
2021-03-16 (about 4 years ago)
Added
2021-03-16 (about 4 years ago)
Last Updated
2021-05-14 (about 4 years ago)

Other

Published
Title
Published
2023-11-24
Title
Vrm 360 3D Model Viewer <= 1.2.1 - Contributor+ Arbitrary File Upload Leading to RCE
Published
2014-08-01
Title
XML Sitemap Generator 3.2.8 - XML File Overwrite Arbitrary Code Execution
Published
2024-05-07
Title
WP Latest Posts < 5.0.8 - Authenticated (Subscriber+) Arbitrary Shortcode Execution
Published
2024-08-07
Title
WooCommerce Product Table Lite < 3.8.6 - Unauthenticated Arbitrary Shortcode Execution
Published
2025-01-03
Title
WP Ultimate Exporter < 2.9.2 - Authenticated (Admin+) Remote Code Execution