Vulnerabilities and security researches for wp-super-cache

Jun 06, 2024

CVE, Research URL: CVE-2021-24209
Home page URL: Security reports for WP Super Cache
Application: WP Super Cache
Date: Apr 06, 2021
Research Description: The WP Super Cache WordPress plugin before 1.7.2 was affected by an authenticated (admin+) RCE in the settings page due to input validation failure and weak $cache_path check in the WP Super Cache Settings -> Cache Location option. Direct access to the wp-cache-config.php file is not prohibited, so this vulnerability can be exploited for a web shell injection.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2013-2009
Home page URL: Security reports for WP Super Cache
Application: WP Super Cache
Date: Feb 07, 2020
Research Description: WordPress WP Super Cache Plugin 1.2 has Remote PHP Code Execution
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2013-2011
Home page URL: Security reports for WP Super Cache
Application: WP Super Cache
Date: Dec 27, 2019
Research Description: WordPress W3 Super Cache Plugin before 1.3.2 contains a PHP code-execution vulnerability which could allow remote attackers to inject arbitrary code. This issue exists because of an incomplete fix for CVE-2013-2009.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2021-24329
Home page URL: Security reports for WP Super Cache
Application: WP Super Cache
Date: Jun 01, 2021
Research Description: The WP Super Cache WordPress plugin before 1.7.3 did not properly sanitise its wp_cache_location parameter in its settings, which could lead to a Stored Cross-Site Scripting issue.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2021-24312
Home page URL: Security reports for WP Super Cache
Application: WP Super Cache
Date: Jun 01, 2021
Research Description: The parameters $cache_path, $wp_cache_debug_ip, $wp_super_cache_front_page_text, $cache_scheduled_time, $cached_direct_pages used in the settings of WP Super Cache WordPress plugin before 1.7.3 result in RCE because they allow input of '$' and '\n'. This is due to an incomplete fix of CVE-2021-24209.
Affected versions: Min -, max -.
Status: vulnerable

PSC, Research URL: PSC-2024-64536
Home page URL: Security reports for WP Super Cache
Application: WP Super Cache
Date: -
Research Description: WP Super Cache is an essential WordPress plugin designed to optimize website performance by generating static HTML files from dynamic content. These static files are served to visitors, significantly reducing server load and enhancing website speed. With its robust caching methods, including mod_rewrite, PHP caching, and WP-Cache, WP Super Cache ensures seamless performance for both logged-in and anonymous users. Following a rigorous security evaluation, WP Super Cache has successfully obtained the Plugin Security Certification (PSC) with the status PSC-2024-64536 from CleanTalk, affirming its commitment to delivering a secure and efficient solution.
Affected versions: Min -, max -.
Status: SAFE & CERTIFIED