cbcvebase.
CVE-2013-2009
published 2020-02-07

CVE-2013-2009: WordPress WP Super Cache Plugin 1.2 has Remote PHP Code Execution

PriorityP265high8.8CVSS 3.1
AVNACLPRNUIRSUCHIHAH
EXPLOIT
EPSS
12.98%
95.8th percentile
WordPress WP Super Cache Plugin 1.2 has Remote PHP Code Execution

Affected

3 ranges
VendorProductVersion rangeFixed in
automatticw3_super_cache< 1.3.21.3.2
automatticwp_super_cache
super_cache_pluginsuper_cache_plugin

Detection & IOCsextracted from sources · hover to see the quote

versionWP Super Cache 1.2
  • Monitor for remote PHP code execution attempts targeting the WP Super Cache plugin (version 1.2) in WordPress environments.
  • Alert on arbitrary PHP code execution occurring within the web server process context, potentially originating from WP Super Cache plugin requests.
  • ·Other versions of WP Super Cache beyond 1.2 may also be affected and should not be assumed safe without verification.

CVSS provenance

nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
vendor_redhat5.9MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.