CVE-2021-24312

CVE-2021-24312: WP Super Cache < 1.7.3 - Authenticated Remote Code Execution

Vendor Automattic
Product WP Super Cache
Weakness CWE-94 · Code injection
Published June 1, 2021
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

The parameters $cache_path, $wp_cache_debug_ip, $wp_super_cache_front_page_text, $cache_scheduled_time, $cached_direct_pages used in the settings of WP Super Cache WordPress plugin before 1.7.3 result in RCE because they allow input of '$' and '\n'. This is due to an incomplete fix of CVE-2021-24209.

Key dates

02Disclosure timeline

June 1, 2021 CVE published
August 3, 2024 Record updated

Related vulnerabilities

04Related CVE