The plugin was affected by an authenticated (admin+) RCE in the settings page, caused by an input validation failure and a weak $cache_path check in the WP Super Cache Settings -> Cache Location option. Direct access to the wp-cache-config.php file is not prohibited, so this vulnerability can be exploited for web shell injection. Another possible attack vector is chaining from XSS (via another plugin affected by XSS) to RCE.
Payloads:
';system($_GET[13]);include_once 'wp-cache-config.php';'
';$_GET[13];include_once 'wp-cache-config.php';?>
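
The following check is an added example, not part of the original advisory or the plugin's code: it audits a copy of wp-cache-config.php for a $cache_path assignment that is anything other than one plain string literal, which is what a quote breakout through the Cache Location option leaves behind. The assumed line format, the function name and the sample inputs are constructed for illustration.

```python
import re

# Assumption: the setting is stored on one line, either
#   $cache_path = '<directory>'; //optional comment
# or the default form  $cache_path = WP_CONTENT_DIR . '/cache/';
SAFE_ASSIGNMENT = re.compile(
    r"""^\s*\$cache_path\s*=\s*
        (?:WP_CONTENT_DIR\s*\.\s*)?      # optional constant prefix
        '(?P<path>[^'\\;$`<>?()]*)'      # one literal, no breakout characters
        \s*;\s*(?://[^?]*)?$             # terminator, optional // comment
    """,
    re.VERBOSE,
)
# Plain assignments only; "$cache_path .= '/';" and reads are not audited.
ASSIGNMENT = re.compile(r"^\s*\$cache_path\s*=(?!=)")


def audit_cache_path(config_text):
    """Return (line_number, line) for every suspicious $cache_path assignment.

    Backslashes are rejected as well, so Windows-style paths are reported
    and need a manual look.
    """
    findings = []
    for number, line in enumerate(config_text.splitlines(), start=1):
        if ASSIGNMENT.match(line) and not SAFE_ASSIGNMENT.match(line):
            findings.append((number, line.strip()))
    return findings


# Constructed sample input, not taken from a real site.
CLEAN = (
    "<?php\n"
    "$cache_path = '/var/www/html/wp-content/cache/'; //Added by WP-Cache Manager\n"
    "if ( '/' != substr($cache_path, -1)) {\n"
    "\t$cache_path .= '/';\n"
    "}\n"
)
# Constructed: the same file with the advisory's first payload as the value.
TAMPERED = CLEAN.replace(
    "/var/www/html/wp-content/cache/",
    "';system($_GET[13]);include_once 'wp-cache-config.php';'",
)

if __name__ == "__main__":
    for label, text in (("clean", CLEAN), ("tampered", TAMPERED)):
        print(label, audit_cache_path(text))
```

A finding means the file should be compared against a known-good copy; an empty result only covers the $cache_path line, not the rest of the file.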
| CPE | Name | Operator | Version |
|---|---|---|---|
| | wp-super-cache | lt | 1.7.2 |