CVE-2021-24312
Expert Analysis
Professional remediation guidance
Get tailored security recommendations from our analyst team for CVE-2021-24312. We'll provide specific mitigation strategies based on your environment and risk profile.
Description
The parameters $cache_path, $wp_cache_debug_ip, $wp_super_cache_front_page_text, $cache_scheduled_time, $cached_direct_pages used in the settings of WP Super Cache WordPress plugin before 1.7.3 result in RCE because they allow input of '$' and '\n'. This is due to an incomplete fix of CVE-2021-24209.
Available Exploits
Related News
Affected Products
Affected Versions:
WordPress Vulnerability
Identified and analyzed by Wordfence
Software Type
Patch Status
Published
Software Details
Software Name
WP Super Cache
Software Slug
wp-super-cache
Affected Versions
Patched Versions
Remediation
Update to version 1.7.3, or a newer patched version
© Defiant Inc. Data provided by Wordfence.
GitHub Security Advisories
Community-driven vulnerability intelligence from GitHub
Advisory Details
CVSS Scoring
CVSS Score
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
References
Advisory provided by GitHub Security Advisory Database. Published: May 24, 2022, Modified: July 30, 2022