CVE-2021-24209

The WP Super Cache WordPress plugin before 1.7.2 was affected by an authenticated (admin+) RCE in the settings page due to input validation failure and weak $cache_path check in the WP Super Cache Settings -> Cache Location option. Direct access to the wp-cache-config.php file is not prohibited, so this vulnerability can be exploited for a web shell injection.
Configurations

Configuration 1 (hide)

cpe:2.3:a:automattic:wp_super_cache:*:*:*:*:*:wordpress:*:*

History

04 Jul 2023, 08:15

Type Values Removed Values Added
References
  • {'url': 'https://m0ze.ru/vulnerability/[2021-03-13]-[WordPress]-[CWE-94]-WP-Super-Cache-WordPress-Plugin-v1.7.1.txt', 'name': 'https://m0ze.ru/vulnerability/[2021-03-13]-[WordPress]-[CWE-94]-WP-Super-Cache-WordPress-Plugin-v1.7.1.txt', 'tags': ['Exploit', 'Third Party Advisory'], 'refsource': 'MISC'}

30 Jun 2023, 17:43

Type Values Removed Values Added
CWE CWE-20 CWE-94

Information

Published : 2021-04-05 19:15

Updated : 2024-02-04 21:47


NVD link : CVE-2021-24209

Mitre link : CVE-2021-24209

CVE.ORG link : CVE-2021-24209


JSON object : View

Products Affected

automattic

  • wp_super_cache
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')