42 matches found
EUVD-2021-11226
Malware in sbrugna...
CVE-2021-24312
The parameters $cachepath, $wpcachedebugip, $wpsupercachefrontpagetext, $cachescheduledtime, $cacheddirectpages used in the settings of WP Super Cache WordPress plugin before 1.7.3 result in RCE because they allow input of '$' and '\n'. This is due to an incomplete fix of CVE-2021-24209...
CVE-2021-24329
The WP Super Cache WordPress plugin before 1.7.3 did not properly sanitise its wpcachelocation parameter in its settings, which could lead to a Stored Cross-Site Scripting issue...
CVE-2021-24209
The WP Super Cache WordPress plugin before 1.7.2 was affected by an authenticated admin+ RCE in the settings page due to input validation failure and weak $cachepath check in the WP Super Cache Settings - Cache Location option. Direct access to the wp-cache-config.php file is not prohibited, so...
CVE-2013-2009
WordPress WP Super Cache Plugin 1.2 has Remote PHP Code Execution...
WP Super Cache < 1.9 - Unauthenticated Cache Poisoning
The plugin is affected by a cache poisoning issue PoC curl 'https://example.com//?s=12333'...
WP Super Cache < 1.9 - Unauthenticated Cache Poisoning
The plugin is affected by a cache poisoning issue curl 'https://example.com//?s=12333'...
WordPress WP Super Cache Plugin < 1.7.3 Multiple Vulnerabilities
The WordPress plugin Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...
CVE-2021-24329
The WP Super Cache WordPress plugin before 1.7.3 did not properly sanitise its wpcachelocation parameter in its settings, which could lead to a Stored Cross-Site Scripting issue...
CVE-2021-24312
The parameters $cachepath, $wpcachedebugip, $wpsupercachefrontpagetext, $cachescheduledtime, $cacheddirectpages used in the settings of WP Super Cache WordPress plugin before 1.7.3 result in RCE because they allow input of '$' and '\n'. This is due to an incomplete fix of CVE-2021-24209...
CVE-2021-24312
The parameters $cachepath, $wpcachedebugip, $wpsupercachefrontpagetext, $cachescheduledtime, $cacheddirectpages used in the settings of WP Super Cache WordPress plugin before 1.7.3 result in RCE because they allow input of '$' and '\n'. This is due to an incomplete fix of CVE-2021-24209...
Design/Logic Flaw
The parameters $cachepath, $wpcachedebugip, $wpsupercachefrontpagetext, $cachescheduledtime, $cacheddirectpages used in the settings of WP Super Cache WordPress plugin before 1.7.3 result in RCE because they allow input of '$' and '\n'. This is due to an incomplete fix of CVE-2021-24209...
CVE-2021-24329 WP Super Cache < 1.7.3 - Authenticated Stored Cross-Site Scripting (XSS)
The WP Super Cache WordPress plugin before 1.7.3 did not properly sanitise its wpcachelocation parameter in its settings, which could lead to a Stored Cross-Site Scripting issue...
CVE-2021-24329
CVE-2021-24329 affects the WordPress WP Super Cache plugin, specifically versions before 1.7.3. The vulnerability arises because the plugin does not properly sanitize the wp_cache_location parameter in its Settings, enabling a stored cross-site scripting (XSS) condition. Impact is described as a ...
CVE-2021-24312
WP Super Cache plugin for WordPress is affected (versions before 1.7.3). The vulnerability arises from the settings parameters (e.g., $cache_path, $wp_cache_debug_ip, $wp_super_cache_front_page_text, $cache_scheduled_time, $cached_direct_pages) allowing input of '$' and '\n', enabling remote code...
CVE-2021-24312 WP Super Cache < 1.7.3 - Authenticated Remote Code Execution
The parameters $cachepath, $wpcachedebugip, $wpsupercachefrontpagetext, $cachescheduledtime, $cacheddirectpages used in the settings of WP Super Cache WordPress plugin before 1.7.3 result in RCE because they allow input of '$' and '\n'. This is due to an incomplete fix of CVE-2021-24209...
WP Super Cache < 1.7.3 - Authenticated Stored Cross-Site Scripting (XSS)
The plugin did not properly sanitise its wpcachelocation parameter in its settings, which could lead to a Stored Cross-Site Scripting issue. PoC -- Payloads: $ ";' onmouseover=alertdocument.cookie; style=position:fixed;width:100%;height:100%;margin:0;padding:0;left:0;top:0; $ ";'...
CVE-2021-24209
The WP Super Cache WordPress plugin before 1.7.2 was affected by an authenticated admin+ RCE in the settings page due to input validation failure and weak $cachepath check in the WP Super Cache Settings - Cache Location option. Direct access to the wp-cache-config.php file is not prohibited, so...
CVE-2021-24209
The WP Super Cache WordPress plugin before 1.7.2 was affected by an authenticated admin+ RCE in the settings page due to input validation failure and weak $cachepath check in the WP Super Cache Settings - Cache Location option. Direct access to the wp-cache-config.php file is not prohibited, so...
Input validation
The WP Super Cache WordPress plugin before 1.7.2 was affected by an authenticated admin+ RCE in the settings page due to input validation failure and weak $cachepath check in the WP Super Cache Settings - Cache Location option. Direct access to the wp-cache-config.php file is not prohibited, so...