CVE-2021-24312 – WP Super Cache < 1.7.3 - Authenticated Remote Code Execution
https://notcve.org/view.php?id=CVE-2021-24312
14 May 2021 — The parameters $cache_path, $wp_cache_debug_ip, $wp_super_cache_front_page_text, $cache_scheduled_time, $cached_direct_pages used in the settings of WP Super Cache WordPress plugin before 1.7.3 result in RCE because they allow input of '$' and '\n'. This is due to an incomplete fix of CVE-2021-24209. • https://wpscan.com/vulnerability/2142c3d3-9a7f-4e3c-8776-d469a355d62f • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'); CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2021-24329 – WP Super Cache < 1.7.3 - Authenticated Stored Cross-Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2021-24329
12 Apr 2021 — The WP Super Cache WordPress plugin before 1.7.3 did not properly sanitise its wp_cache_location parameter in its settings, which could lead to a Stored Cross-Site Scripting issue. The Twitter Bootstrap Slider plugin for WordPress is vulnerable to Stored Cross-S... • https://m0ze.ru/vulnerability/%5B2021-03-23%5D-%5BWordPress%5D-%5BCWE-79%5D-WP-Super-Cache-WordPress-Plugin-v1.7.2.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-24209 – WP Super Cache < 1.7.2 - Authenticated Remote Code Execution (RCE)
https://notcve.org/view.php?id=CVE-2021-24209
16 Mar 2021 — The WP Super Cache WordPress plugin before 1.7.2 was affected by an authenticated (admin+) RCE in the settings page due to input validation failure and weak $cache_path check in the WP Super Cache Settings -> Cache Location option. Direct access to the wp-cache-config.php file is not prohibited, so this vulnerability can be exploited for a web shell injection. • https://plugins.trac.wordpress.org/changeset/2496238/wp-super-cache • CWE-20: Improper Input Validation; CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2013-2008 – WP Super Cache Plugin <= 1.3 - Multiple Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2013-2008
01 Aug 2014 — WordPress Super Cache Plugin 1.3 has XSS. The WordPress Super Cache Plugin 1.3 has XSS via several vulnerable parameters. • http://www.openwall.com/lists/oss-security/2013/04/24/10 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2013-2010 – W3 Total Cache <= 0.9.2.8 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2013-2010
01 Aug 2014 — WordPress W3 Total Cache Plugin 0.9.2.8 has a Remote PHP Code Execution Vulnerability. • https://www.exploit-db.com/exploits/25137 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'); CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2013-2009 – WP Super Cache <= 1.2 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2013-2009
01 Aug 2014 — WordPress WP Super Cache Plugin 1.2 has Remote PHP Code Execution. The WP Super Cache plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 1.2. This allows unauthenticated attackers to execute code on the server. • https://www.exploit-db.com/exploits/38494 • CWE-94: Improper Control of Generation of Code ('Code Injection')