WordPress Plugin Vulnerabilities

Speed Booster Pack 4.2.0-beta - Authenticated (admin+) RCE

Description

The plugin did not validate its caching_exclude_urls and caching_include_query_strings settings before outputting them in a PHP file, which could lead to RCE

Proof of Concept

Affects Plugins

Plugin icon
speed-booster-pack
Fixed in 4.2.0

References

CVE
CVE-2021-24430
URL
https://m0ze.ru/vulnerability/[2021-05-10]-[WordPress]-[CWE-94]-Speed-Booster-Pack-WordPress-Plugin-v4.2.0-beta.txt

Classification

Type
RCE
OWASP top 10
A1: Injection
CWE
CWE-94
CVSS
9.0 (critical)

Miscellaneous

Original Researcher
m0ze
Submitter
m0ze
Submitter website
https://m0ze.ru/
Submitter twitter
vladm0ze
Verified
Yes
WPVDB ID
945d6d2e-fa25-42c0-a7b4-b1794732a0df

Timeline

Publicly Published
2021-07-05 (about 4 years ago)
Added
2021-07-05 (about 4 years ago)
Last Updated
2021-08-10 (about 4 years ago)

Other

Published
Title
Published
2022-11-30
Title
Easy WP SMTP < 1.5.2 - Admin+ RCE
Published
2024-01-16
Title
Display custom fields in the frontend – Post and User Profile Fields < 1.3.0 - Authenticated (Contributor+) Code Injection
Published
2024-07-08
Title
Product Table by WBW < 2.0.2 - Unauthenticated Remote Code Execution
Published
2024-10-25
Title
Uix Shortcodes < 2.0.0 - Unauthenticated Arbitrary Shortcode Execution
Published
2025-02-07
Title
WP All Export Pro < 1.9.2 - Unauthenticated Remote Code Execution via Custom Export Fields