CVE-2021-24209
Summary
| CVE | CVE-2021-24209 |
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-04-05 19:15:00 UTC |
| Updated | 2023-11-07 03:31:00 UTC |
| Description | The WP Super Cache WordPress plugin before 1.7.2 was affected by an authenticated (admin+) RCE in the settings page due to input validation failure and weak $cache_path check in the WP Super Cache Settings -> Cache Location option. Direct access to the wp-cache-config.php file is not prohibited, so this vulnerability can be exploited for a web shell injection. |
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| m0ze.ru/vulnerability/[2021-03-13]-[WordPress]-[CWE-94]-WP-Super-Cach... | MISC | m0ze.ru | Broken Link |
| Attention Required! \| Cloudflare | CONFIRM | wpscan.com | |
| 403 Forbidden | MISC | plugins.trac.wordpress.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 154093 Word Press Super Cache WordPress plugin before 1.7.2 was affected by an authenticated (admin+) RCE
- 730116 WordPress Super Cache WordPress plugin authenticated (admin+) RCE Vulnerability