Lucene search
WPScanCVELIST:CVE-2021-24209HistoryApr 05, 2021 - 6:27 p.m.
CVE-2021-24209 WP Super Cache < 1.7.2 - Authenticated Remote Code Execution (RCE)
2021-04-0518:27:46
WPScan
www.cve.org
0.001 Low
EPSS
Percentile
41.0%
The WP Super Cache WordPress plugin before 1.7.2 was affected by an authenticated (admin+) RCE in the settings page due to input validation failure and weak $cache_path check in the WP Super Cache Settings -> Cache Location option. Direct access to the wp-cache-config.php file is not prohibited, so this vulnerability can be exploited for a web shell injection.
CNA Affected
[
{
"vendor": "Unknown",
"product": "WP Super Cache",
"versions": [
{
"status": "affected",
"versionType": "custom",
"version": "0",
"lessThan": "1.7.2"
}
],
"defaultStatus": "unaffected",
"collectionURL": "https://wordpress.org/plugins"
}
]Related
checkpoint_advisories
checkpoint_advisories
WordPress Super Cache Plugin Remote Code Execution (CVE-2021-24209)
2021-04-25 00:00:00
prion
prion
Input validation
2021-04-05 19:15:00
Design/Logic Flaw
2021-06-01 14:15:00
wpexploit
wpexploit
WP Super Cache < 1.7.2 - Authenticated Remote Code Execution (RCE)
2021-03-16 00:00:00
openvas
openvas
WordPress WP Super Cache Plugin < 1.7.2 RCE Vulnerability
2021-03-19 00:00:00
cve
cve
CVE-2021-24209
2021-04-05 19:15:17
CVE-2021-24312
2021-06-01 14:15:08
osv
osv
CVE-2021-24209
2021-04-05 19:15:17
CVE-2021-24312
2021-06-01 14:15:08
nvd
nvd
CVE-2021-24209
2021-04-05 19:15:17
CVE-2021-24312
2021-06-01 14:15:08
wpvulndb
wpvulndb
WP Super Cache < 1.7.2 - Authenticated Remote Code Execution (RCE)
2021-03-16 00:00:00
cvelist
cvelist
CVE-2021-24312 WP Super Cache < 1.7.3 - Authenticated Remote Code Execution
2021-06-01 11:33:30