WordPress WP Super Cache plugin <= 1.7.1 - Authenticated Remote Code Execution (RCE) vulnerability

wp-super-cache

Software

WP Super Cache

Vulnerable Versions

<= 1.7.1

Fixed in version

1.7.2

CVE

CVE-N/A

References

Plugin changelog
CVE-2021-24209

Credits

m0ze (Patchstack Red Team)

Classification

Remote Code Execution (RCE)

OWASP Top 10

A7: Missing Function Level Access Control

Disclosure Date

2021-03-16

CVSS 3.0 score

7.2

High

Are your websites subject to this vulnerability?

Details

Authenticated Remote Code Execution (RCE) vulnerability (settings page) discovered by m0ze (Patchstack Red Team) in WordPress WP Super Cache plugin (versions <= 1.7.1).

Solution

Update the WordPress WP Super Cache plugin to the latest available version (at least 1.7.2).

Found a vulnerability that puts your sites at risk?

Found a vulnerability? Help us secure the web and join our community of ethical hackers.

Are you the developer of this software? Hire our researchers for a thorough security audit.

Vulnerability Database

WordPress WP Super Cache plugin <= 1.7.1 - Authenticated Remote Code Execution (RCE) vulnerability

wp-super-cache

Software

WP Super Cache

Vulnerable Versions

<= 1.7.1

Fixed in version

1.7.2

CVE

CVE-N/A

References

Plugin changelog
CVE-2021-24209

Credits

m0ze (Patchstack Red Team)

Classification

Remote Code Execution (RCE)

OWASP Top 10

A7: Missing Function Level Access Control

Disclosure Date

2021-03-16

CVSS 3.0 score

7.2

Plugin does not exist, is not supported or discontinued.

Are your websites subject to this vulnerability?

Details

Authenticated Remote Code Execution (RCE) vulnerability (settings page) discovered by m0ze (Patchstack Red Team) in WordPress WP Super Cache plugin (versions <= 1.7.1).

Solution

Update the WordPress WP Super Cache plugin to the latest available version (at least 1.7.2).

Found a vulnerability that puts your sites at risk?

Found a vulnerability? Help us secure the web and join our community of ethical hackers.

Are you the developer of this software? Hire our researchers for a thorough security audit.

Solutions

Patchstack

© 2022 Patchstack

© 2021 Patchstack

Vulnerability Database

WordPress WP Super Cache plugin <= 1.7.1 - Authenticated Remote Code Execution (RCE) vulnerability

wp-super-cache

Software

WP Super Cache

Vulnerable Versions

<= 1.7.1

Fixed in version

1.7.2

CVE

CVE-N/A

References

Plugin changelog CVE-2021-24209

Credits

m0ze (Patchstack Red Team)

Classification

Remote Code Execution (RCE)

OWASP Top 10

A7: Missing Function Level Access Control

Disclosure Date

2021-03-16

CVSS 3.0 score

7.2

Plugin does not exist, is not supported or discontinued.

Are your websites subject to this vulnerability?

Details

Authenticated Remote Code Execution (RCE) vulnerability (settings page) discovered by m0ze (Patchstack Red Team) in WordPress WP Super Cache plugin (versions <= 1.7.1).

Solution

Update the WordPress WP Super Cache plugin to the latest available version (at least 1.7.2).

Found a vulnerability that puts your sites at risk?

Found a vulnerability? Help us secure the web and join our community of ethical hackers.

Are you the developer of this software? Hire our researchers for a thorough security audit.

Solutions

Patchstack

© 2022 Patchstack

© 2021 Patchstack

Plugin changelog
CVE-2021-24209