CVE-2013-2011
WP Super Cache < 1.3.2 - Remote Code Execution
Severity Score: 8.8 (CVSS v3.1)
Public Exploits: 1 (Multiple Sources)
Exploited in Wild: - (KEV)
Decision: - (SSVC)
Descriptions
WordPress W3 Super Cache Plugin before 1.3.2 contains a PHP code-execution vulnerability which could allow remote attackers to inject arbitrary code. This issue exists because of an incomplete fix for CVE-2013-2009.
Credits: Kurt Seifried (Red Hat SRT)
Timeline
- 2013-02-19 CVE Reserved
- 2014-08-01 CVE Published
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-94: Improper Control of Generation of Code ('Code Injection')
- CWE-116: Improper Encoding or Escaping of Output
References (4)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/59473 | Third Party Advisory | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/83800 | Third Party Advisory | |
https://security-tracker.debian.org/tracker/CVE-2013-2011 | Third Party Advisory | |
URL | Date | SRC |
---|---|---|
http://www.openwall.com/lists/oss-security/2013/04/25/4 | 2024-08-06 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Automattic | W3 Super Cache | < 1.3.2 | wordpress | Affected |