CVE-2021-24209
published 2021-04-05CVE-2021-24209: The WP Super Cache WordPress plugin before 1.7.2 was affected by an authenticated (admin+) RCE in the settings page due to input validation failure and weak…
PriorityP275high7.2CVSS 3.1
AVNACLPRHUINSUCHIHAH
ITWVulnCheck KEV
Exploited in the wild
EPSS
23.84%
97.5th percentile
The WP Super Cache WordPress plugin before 1.7.2 was affected by an authenticated (admin+) RCE in the settings page due to input validation failure and weak $cache_path check in the WP Super Cache Settings -> Cache Location option. Direct access to the wp-cache-config.php file is not prohibited, so this vulnerability can be exploited for a web shell injection.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| automattic | wp_super_cache | < 1.7.3 | 1.7.3 |
| automattic | wp_super_cache | < 1.7.2 | 1.7.2 |
| automattic | wp_super_cache | >= 1.7.3 < 1.7.3 | 1.7.3 |
CVSS provenance
nvdv3.17.2HIGHCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvdv2.09.0CRITICALAV:N/AC:L/Au:S/C:C/I:C/A:C
vulncheck7.2HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-x99c-f7pr-mjvv: The WP Super Cache WordPress plugin before 1
ghsa_unreviewed·2022-05-24
CVE-2021-24209 [HIGH] CWE-20 GHSA-x99c-f7pr-mjvv: The WP Super Cache WordPress plugin before 1
The WP Super Cache WordPress plugin before 1.7.2 was affected by an authenticated (admin+) RCE in the settings page due to input validation failure and weak $cache_path check in the WP Super Cache Settings -> Cache Location option. Direct access to the wp-cache-config.php file is not prohibited, so this vulnerability can be exploited for a web shell injection.
GHSA
GHSA-5r22-g25f-j577: The parameters $cache_path, $wp_cache_debug_ip, $wp_super_cache_front_page_text, $cache_scheduled_time, $cached_direct_pages used in the settings of W
ghsa_unreviewed·2022-05-24·CVSS 7.2
CVE-2021-24312 [HIGH] CWE-78 GHSA-5r22-g25f-j577: The parameters $cache_path, $wp_cache_debug_ip, $wp_super_cache_front_page_text, $cache_scheduled_time, $cached_direct_pages used in the settings of W
The parameters $cache_path, $wp_cache_debug_ip, $wp_super_cache_front_page_text, $cache_scheduled_time, $cached_direct_pages used in the settings of WP Super Cache WordPress plugin before 1.7.3 result in RCE because they allow input of '$' and '\n'. This is due to an incomplete fix of CVE-2021-24209.
VulnCheck
automattic wp_super_cache Improper Control of Generation of Code ('Code Injection')
vulncheck·2021·CVSS 7.2
CVE-2021-24209 [HIGH] automattic wp_super_cache Improper Control of Generation of Code ('Code Injection')
automattic wp_super_cache Improper Control of Generation of Code ('Code Injection')
The WP Super Cache WordPress plugin before 1.7.2 was affected by an authenticated (admin+) RCE in the settings page due to input validation failure and weak $cache_path check in the WP Super Cache Settings -> Cache Location option. Direct access to the wp-cache-config.php file is not prohibited, so this vulnerability can be exploited for a web shell injection.
Affected: automattic wp_super_cache
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://api.vulncheck.com/v3/index/sans-dshield?cve=CVE-2021-24209
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2021-04-05
Published
Exploited in the wild