Security Advisory

CVE-2021-24209

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-04-05 18:27:46

Last updated 2024-08-03 19:21:18

Assigner WPScan

State PUBLISHED

Description

The WP Super Cache WordPress plugin before 1.7.2 was affected by an authenticated (admin+) RCE in the settings page due to input validation failure and weak $cache_path check in the WP Super Cache Settings -> Cache Location option. Direct access to the wp-cache-config.php file is not prohibited, so this vulnerability can be exploited for a web shell injection.

← Browse all CVEs View on cve.org ↗