WordPress Plugin Vulnerabilities

WP-Super-Cache 1.3 - Remote Code Execution

Description

The WP Super Cache WordPress plugin was affected by a Remote Code Execution security vulnerability.

Affects Plugins

Plugin icon
wp-super-cache
Fixed in 1.3.2

References

CVE
CVE-2013-2011
CVE
CVE-2013-2009
URL
https://blog.sucuri.net/2013/04/update-wp-super-cache-and-w3tc-immediately-remote-code-execution-vulnerability-disclosed.html

Classification

Type
RCE
OWASP top 10
A1: Injection
CWE
CWE-94
CVSS
8.8 (high)

Miscellaneous

Verified
No
WPVDB ID
eb7d1384-a508-4181-b88c-cbd574506713

Timeline

Publicly Published
2014-08-01 (about 11 years ago)
Added
2014-08-01 (about 11 years ago)
Last Updated
2026-04-13 (about 1 month ago)

Other

Published
Title
Published
2019-02-19
Title
WordPress 3.7-5.0 (except 4.9.9) - Authenticated Code Execution
Published
2026-05-01
Title
Widget Options < 4.2.3 - Contributor+ Remote Code Execution via Display Logic
Published
2025-06-09
Title
Widget Logic < 6.0.6 - Contributor+ Remote Code Execution
Published
2026-02-11
Title
Armania <= 1.4.8 - Unauthenticated Arbitrary Shortcode Execution
Published
2018-11-11
Title
Simple Link Directory < 5.6.0 - Authenticated PHP Object Injection