Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
12 vulnerabilities found for wp_super_cache by automattic
CVE-2021-24329 (GCVE-0-2021-24329)
Vulnerability from nvd – Published: 2021-06-01 11:33 – Updated: 2024-08-03 19:28
VLAI?
Title
WP Super Cache < 1.7.3 - Authenticated Stored Cross-Site Scripting (XSS)
Summary
The WP Super Cache WordPress plugin before 1.7.3 did not properly sanitise its wp_cache_location parameter in its settings, which could lead to a Stored Cross-Site Scripting issue.
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | WP Super Cache |
Affected:
1.7.3 , < 1.7.3
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:28:23.520Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/9df86d05-1408-4c22-af55-5e3d44249fd0"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://m0ze.ru/vulnerability/%5B2021-03-23%5D-%5BWordPress%5D-%5BCWE-79%5D-WP-Super-Cache-WordPress-Plugin-v1.7.2.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WP Super Cache",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.7.3",
"status": "affected",
"version": "1.7.3",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "m0ze"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WP Super Cache WordPress plugin before 1.7.3 did not properly sanitise its wp_cache_location parameter in its settings, which could lead to a Stored Cross-Site Scripting issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-01T11:33:31.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wpscan.com/vulnerability/9df86d05-1408-4c22-af55-5e3d44249fd0"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://m0ze.ru/vulnerability/%5B2021-03-23%5D-%5BWordPress%5D-%5BCWE-79%5D-WP-Super-Cache-WordPress-Plugin-v1.7.2.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "WP Super Cache \u003c 1.7.3 - Authenticated Stored Cross-Site Scripting (XSS)",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24329",
"STATE": "PUBLIC",
"TITLE": "WP Super Cache \u003c 1.7.3 - Authenticated Stored Cross-Site Scripting (XSS)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WP Super Cache",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.7.3",
"version_value": "1.7.3"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "m0ze"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WP Super Cache WordPress plugin before 1.7.3 did not properly sanitise its wp_cache_location parameter in its settings, which could lead to a Stored Cross-Site Scripting issue."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/9df86d05-1408-4c22-af55-5e3d44249fd0",
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/9df86d05-1408-4c22-af55-5e3d44249fd0"
},
{
"name": "https://m0ze.ru/vulnerability/[2021-03-23]-[WordPress]-[CWE-79]-WP-Super-Cache-WordPress-Plugin-v1.7.2.txt",
"refsource": "MISC",
"url": "https://m0ze.ru/vulnerability/[2021-03-23]-[WordPress]-[CWE-79]-WP-Super-Cache-WordPress-Plugin-v1.7.2.txt"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24329",
"datePublished": "2021-06-01T11:33:31.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:28:23.520Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24312 (GCVE-0-2021-24312)
Vulnerability from nvd – Published: 2021-06-01 11:33 – Updated: 2024-08-03 19:28
VLAI?
Title
WP Super Cache < 1.7.3 - Authenticated Remote Code Execution
Summary
The parameters $cache_path, $wp_cache_debug_ip, $wp_super_cache_front_page_text, $cache_scheduled_time, $cached_direct_pages used in the settings of WP Super Cache WordPress plugin before 1.7.3 result in RCE because they allow input of '$' and '\n'. This is due to an incomplete fix of CVE-2021-24209.
Severity ?
No CVSS data available.
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Automattic | WP Super Cache |
Affected:
1.7.3 , < 1.7.3
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:28:23.442Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/2142c3d3-9a7f-4e3c-8776-d469a355d62f"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WP Super Cache",
"vendor": "Automattic",
"versions": [
{
"lessThan": "1.7.3",
"status": "affected",
"version": "1.7.3",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "NGA"
}
],
"descriptions": [
{
"lang": "en",
"value": "The parameters $cache_path, $wp_cache_debug_ip, $wp_super_cache_front_page_text, $cache_scheduled_time, $cached_direct_pages used in the settings of WP Super Cache WordPress plugin before 1.7.3 result in RCE because they allow input of \u0027$\u0027 and \u0027\\n\u0027. This is due to an incomplete fix of CVE-2021-24209."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-01T11:33:30.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wpscan.com/vulnerability/2142c3d3-9a7f-4e3c-8776-d469a355d62f"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "WP Super Cache \u003c 1.7.3 - Authenticated Remote Code Execution",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24312",
"STATE": "PUBLIC",
"TITLE": "WP Super Cache \u003c 1.7.3 - Authenticated Remote Code Execution"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WP Super Cache",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.7.3",
"version_value": "1.7.3"
}
]
}
}
]
},
"vendor_name": "Automattic"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "NGA"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The parameters $cache_path, $wp_cache_debug_ip, $wp_super_cache_front_page_text, $cache_scheduled_time, $cached_direct_pages used in the settings of WP Super Cache WordPress plugin before 1.7.3 result in RCE because they allow input of \u0027$\u0027 and \u0027\\n\u0027. This is due to an incomplete fix of CVE-2021-24209."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/2142c3d3-9a7f-4e3c-8776-d469a355d62f",
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/2142c3d3-9a7f-4e3c-8776-d469a355d62f"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24312",
"datePublished": "2021-06-01T11:33:30.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:28:23.442Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24209 (GCVE-0-2021-24209)
Vulnerability from nvd – Published: 2021-04-05 18:27 – Updated: 2024-08-03 19:21
VLAI?
Title
WP Super Cache < 1.7.2 - Authenticated Remote Code Execution (RCE)
Summary
The WP Super Cache WordPress plugin before 1.7.2 was affected by an authenticated (admin+) RCE in the settings page due to input validation failure and weak $cache_path check in the WP Super Cache Settings -> Cache Location option. Direct access to the wp-cache-config.php file is not prohibited, so this vulnerability can be exploited for a web shell injection.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | WP Super Cache |
Affected:
0 , < 1.7.2
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:21:18.735Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/733d8a02-0d44-4b78-bbb2-37e447acd2f3"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2496238/wp-super-cache"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"product": "WP Super Cache",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.7.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "m0ze"
},
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WP Super Cache WordPress plugin before 1.7.2 was affected by an authenticated (admin+) RCE in the settings page due to input validation failure and weak $cache_path check in the WP Super Cache Settings -\u003e Cache Location option. Direct access to the wp-cache-config.php file is not prohibited, so this vulnerability can be exploited for a web shell injection."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-04T07:43:00.414Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/733d8a02-0d44-4b78-bbb2-37e447acd2f3"
},
{
"tags": [
"patch"
],
"url": "https://plugins.trac.wordpress.org/changeset/2496238/wp-super-cache"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WP Super Cache \u003c 1.7.2 - Authenticated Remote Code Execution (RCE)",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24209",
"datePublished": "2021-04-05T18:27:46.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:21:18.735Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2010 (GCVE-0-2013-2010)
Vulnerability from nvd – Published: 2020-02-12 14:45 – Updated: 2024-08-06 15:20
VLAI?
Summary
WordPress W3 Total Cache Plugin 0.9.2.8 has a Remote PHP Code Execution Vulnerability
Severity ?
No CVSS data available.
CWE
- Remote PHP Code Execution Vulnerability
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| W3 Total Cache Plugin authors | W3 Total Cache Plugin |
Affected:
0.9.2.8
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:20:37.485Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/130999/WordPress-W3-Total-Cache-PHP-Code-Execution.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/59316"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/25137"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/04/24/9"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "W3 Total Cache Plugin",
"vendor": "W3 Total Cache Plugin authors",
"versions": [
{
"status": "affected",
"version": "0.9.2.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "WordPress W3 Total Cache Plugin 0.9.2.8 has a Remote PHP Code Execution Vulnerability"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote PHP Code Execution Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-12T14:45:51.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/130999/WordPress-W3-Total-Cache-PHP-Code-Execution.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securityfocus.com/bid/59316"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.exploit-db.com/exploits/25137"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2013/04/24/9"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-2010",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "W3 Total Cache Plugin",
"version": {
"version_data": [
{
"version_value": "0.9.2.8"
}
]
}
}
]
},
"vendor_name": "W3 Total Cache Plugin authors"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WordPress W3 Total Cache Plugin 0.9.2.8 has a Remote PHP Code Execution Vulnerability"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote PHP Code Execution Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/130999/WordPress-W3-Total-Cache-PHP-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/130999/WordPress-W3-Total-Cache-PHP-Code-Execution.html"
},
{
"name": "http://www.securityfocus.com/bid/59316",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/59316"
},
{
"name": "http://www.exploit-db.com/exploits/25137",
"refsource": "MISC",
"url": "http://www.exploit-db.com/exploits/25137"
},
{
"name": "http://www.openwall.com/lists/oss-security/2013/04/24/9",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2013/04/24/9"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-2010",
"datePublished": "2020-02-12T14:45:51.000Z",
"dateReserved": "2013-02-19T00:00:00.000Z",
"dateUpdated": "2024-08-06T15:20:37.485Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2009 (GCVE-0-2013-2009)
Vulnerability from nvd – Published: 2020-02-07 13:09 – Updated: 2024-08-06 15:20
VLAI?
Summary
WordPress WP Super Cache Plugin 1.2 has Remote PHP Code Execution
Severity ?
No CVSS data available.
CWE
- Remote PHP Code Execution Vulnerability
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| WP Super Cache Plugin authors | WP Super Cache Plugin |
Affected:
1.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:20:37.479Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/04/24/10"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/04/24/8"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/59470"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/04/24/12"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83799"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WP Super Cache Plugin",
"vendor": "WP Super Cache Plugin authors",
"versions": [
{
"status": "affected",
"version": "1.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "WordPress WP Super Cache Plugin 1.2 has Remote PHP Code Execution"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote PHP Code Execution Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-07T13:09:37.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2013/04/24/10"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2013/04/24/8"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securityfocus.com/bid/59470"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2013/04/24/12"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83799"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-2009",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WP Super Cache Plugin",
"version": {
"version_data": [
{
"version_value": "1.2"
}
]
}
}
]
},
"vendor_name": "WP Super Cache Plugin authors"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WordPress WP Super Cache Plugin 1.2 has Remote PHP Code Execution"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote PHP Code Execution Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.openwall.com/lists/oss-security/2013/04/24/10",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2013/04/24/10"
},
{
"name": "http://www.openwall.com/lists/oss-security/2013/04/24/8",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2013/04/24/8"
},
{
"name": "http://www.securityfocus.com/bid/59470",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/59470"
},
{
"name": "http://www.openwall.com/lists/oss-security/2013/04/24/12",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2013/04/24/12"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83799",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83799"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-2009",
"datePublished": "2020-02-07T13:09:37.000Z",
"dateReserved": "2013-02-19T00:00:00.000Z",
"dateUpdated": "2024-08-06T15:20:37.479Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2008 (GCVE-0-2013-2008)
Vulnerability from nvd – Published: 2020-02-07 13:06 – Updated: 2024-08-06 15:20
VLAI?
Summary
WordPress Super Cache Plugin 1.3 has XSS.
Severity ?
No CVSS data available.
CWE
- XSS
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Super Cache Plugin authors | Super Cache Plugin |
Affected:
1.3 (fixed in 1.3.1)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:20:37.440Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/04/24/10"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/04/24/8"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83798"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Super Cache Plugin",
"vendor": "Super Cache Plugin authors",
"versions": [
{
"status": "affected",
"version": "1.3 (fixed in 1.3.1)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "WordPress Super Cache Plugin 1.3 has XSS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XSS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-07T13:06:07.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2013/04/24/10"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2013/04/24/8"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83798"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-2008",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Super Cache Plugin",
"version": {
"version_data": [
{
"version_value": "1.3 (fixed in 1.3.1)"
}
]
}
}
]
},
"vendor_name": "Super Cache Plugin authors"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WordPress Super Cache Plugin 1.3 has XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.openwall.com/lists/oss-security/2013/04/24/10",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2013/04/24/10"
},
{
"name": "http://www.openwall.com/lists/oss-security/2013/04/24/8",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2013/04/24/8"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83798",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83798"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-2008",
"datePublished": "2020-02-07T13:06:07.000Z",
"dateReserved": "2013-02-19T00:00:00.000Z",
"dateUpdated": "2024-08-06T15:20:37.440Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24329 (GCVE-0-2021-24329)
Vulnerability from cvelistv5 – Published: 2021-06-01 11:33 – Updated: 2024-08-03 19:28
VLAI?
Title
WP Super Cache < 1.7.3 - Authenticated Stored Cross-Site Scripting (XSS)
Summary
The WP Super Cache WordPress plugin before 1.7.3 did not properly sanitise its wp_cache_location parameter in its settings, which could lead to a Stored Cross-Site Scripting issue.
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | WP Super Cache |
Affected:
1.7.3 , < 1.7.3
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:28:23.520Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/9df86d05-1408-4c22-af55-5e3d44249fd0"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://m0ze.ru/vulnerability/%5B2021-03-23%5D-%5BWordPress%5D-%5BCWE-79%5D-WP-Super-Cache-WordPress-Plugin-v1.7.2.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WP Super Cache",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.7.3",
"status": "affected",
"version": "1.7.3",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "m0ze"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WP Super Cache WordPress plugin before 1.7.3 did not properly sanitise its wp_cache_location parameter in its settings, which could lead to a Stored Cross-Site Scripting issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-01T11:33:31.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wpscan.com/vulnerability/9df86d05-1408-4c22-af55-5e3d44249fd0"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://m0ze.ru/vulnerability/%5B2021-03-23%5D-%5BWordPress%5D-%5BCWE-79%5D-WP-Super-Cache-WordPress-Plugin-v1.7.2.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "WP Super Cache \u003c 1.7.3 - Authenticated Stored Cross-Site Scripting (XSS)",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24329",
"STATE": "PUBLIC",
"TITLE": "WP Super Cache \u003c 1.7.3 - Authenticated Stored Cross-Site Scripting (XSS)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WP Super Cache",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.7.3",
"version_value": "1.7.3"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "m0ze"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WP Super Cache WordPress plugin before 1.7.3 did not properly sanitise its wp_cache_location parameter in its settings, which could lead to a Stored Cross-Site Scripting issue."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/9df86d05-1408-4c22-af55-5e3d44249fd0",
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/9df86d05-1408-4c22-af55-5e3d44249fd0"
},
{
"name": "https://m0ze.ru/vulnerability/[2021-03-23]-[WordPress]-[CWE-79]-WP-Super-Cache-WordPress-Plugin-v1.7.2.txt",
"refsource": "MISC",
"url": "https://m0ze.ru/vulnerability/[2021-03-23]-[WordPress]-[CWE-79]-WP-Super-Cache-WordPress-Plugin-v1.7.2.txt"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24329",
"datePublished": "2021-06-01T11:33:31.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:28:23.520Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24312 (GCVE-0-2021-24312)
Vulnerability from cvelistv5 – Published: 2021-06-01 11:33 – Updated: 2024-08-03 19:28
VLAI?
Title
WP Super Cache < 1.7.3 - Authenticated Remote Code Execution
Summary
The parameters $cache_path, $wp_cache_debug_ip, $wp_super_cache_front_page_text, $cache_scheduled_time, $cached_direct_pages used in the settings of WP Super Cache WordPress plugin before 1.7.3 result in RCE because they allow input of '$' and '\n'. This is due to an incomplete fix of CVE-2021-24209.
Severity ?
No CVSS data available.
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Automattic | WP Super Cache |
Affected:
1.7.3 , < 1.7.3
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:28:23.442Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/2142c3d3-9a7f-4e3c-8776-d469a355d62f"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WP Super Cache",
"vendor": "Automattic",
"versions": [
{
"lessThan": "1.7.3",
"status": "affected",
"version": "1.7.3",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "NGA"
}
],
"descriptions": [
{
"lang": "en",
"value": "The parameters $cache_path, $wp_cache_debug_ip, $wp_super_cache_front_page_text, $cache_scheduled_time, $cached_direct_pages used in the settings of WP Super Cache WordPress plugin before 1.7.3 result in RCE because they allow input of \u0027$\u0027 and \u0027\\n\u0027. This is due to an incomplete fix of CVE-2021-24209."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-01T11:33:30.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wpscan.com/vulnerability/2142c3d3-9a7f-4e3c-8776-d469a355d62f"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "WP Super Cache \u003c 1.7.3 - Authenticated Remote Code Execution",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24312",
"STATE": "PUBLIC",
"TITLE": "WP Super Cache \u003c 1.7.3 - Authenticated Remote Code Execution"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WP Super Cache",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.7.3",
"version_value": "1.7.3"
}
]
}
}
]
},
"vendor_name": "Automattic"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "NGA"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The parameters $cache_path, $wp_cache_debug_ip, $wp_super_cache_front_page_text, $cache_scheduled_time, $cached_direct_pages used in the settings of WP Super Cache WordPress plugin before 1.7.3 result in RCE because they allow input of \u0027$\u0027 and \u0027\\n\u0027. This is due to an incomplete fix of CVE-2021-24209."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/2142c3d3-9a7f-4e3c-8776-d469a355d62f",
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/2142c3d3-9a7f-4e3c-8776-d469a355d62f"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24312",
"datePublished": "2021-06-01T11:33:30.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:28:23.442Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24209 (GCVE-0-2021-24209)
Vulnerability from cvelistv5 – Published: 2021-04-05 18:27 – Updated: 2024-08-03 19:21
VLAI?
Title
WP Super Cache < 1.7.2 - Authenticated Remote Code Execution (RCE)
Summary
The WP Super Cache WordPress plugin before 1.7.2 was affected by an authenticated (admin+) RCE in the settings page due to input validation failure and weak $cache_path check in the WP Super Cache Settings -> Cache Location option. Direct access to the wp-cache-config.php file is not prohibited, so this vulnerability can be exploited for a web shell injection.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | WP Super Cache |
Affected:
0 , < 1.7.2
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:21:18.735Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/733d8a02-0d44-4b78-bbb2-37e447acd2f3"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2496238/wp-super-cache"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"product": "WP Super Cache",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.7.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "m0ze"
},
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WP Super Cache WordPress plugin before 1.7.2 was affected by an authenticated (admin+) RCE in the settings page due to input validation failure and weak $cache_path check in the WP Super Cache Settings -\u003e Cache Location option. Direct access to the wp-cache-config.php file is not prohibited, so this vulnerability can be exploited for a web shell injection."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-04T07:43:00.414Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/733d8a02-0d44-4b78-bbb2-37e447acd2f3"
},
{
"tags": [
"patch"
],
"url": "https://plugins.trac.wordpress.org/changeset/2496238/wp-super-cache"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WP Super Cache \u003c 1.7.2 - Authenticated Remote Code Execution (RCE)",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24209",
"datePublished": "2021-04-05T18:27:46.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:21:18.735Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2010 (GCVE-0-2013-2010)
Vulnerability from cvelistv5 – Published: 2020-02-12 14:45 – Updated: 2024-08-06 15:20
VLAI?
Summary
WordPress W3 Total Cache Plugin 0.9.2.8 has a Remote PHP Code Execution Vulnerability
Severity ?
No CVSS data available.
CWE
- Remote PHP Code Execution Vulnerability
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| W3 Total Cache Plugin authors | W3 Total Cache Plugin |
Affected:
0.9.2.8
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:20:37.485Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/130999/WordPress-W3-Total-Cache-PHP-Code-Execution.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/59316"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/25137"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/04/24/9"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "W3 Total Cache Plugin",
"vendor": "W3 Total Cache Plugin authors",
"versions": [
{
"status": "affected",
"version": "0.9.2.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "WordPress W3 Total Cache Plugin 0.9.2.8 has a Remote PHP Code Execution Vulnerability"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote PHP Code Execution Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-12T14:45:51.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/130999/WordPress-W3-Total-Cache-PHP-Code-Execution.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securityfocus.com/bid/59316"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.exploit-db.com/exploits/25137"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2013/04/24/9"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-2010",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "W3 Total Cache Plugin",
"version": {
"version_data": [
{
"version_value": "0.9.2.8"
}
]
}
}
]
},
"vendor_name": "W3 Total Cache Plugin authors"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WordPress W3 Total Cache Plugin 0.9.2.8 has a Remote PHP Code Execution Vulnerability"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote PHP Code Execution Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/130999/WordPress-W3-Total-Cache-PHP-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/130999/WordPress-W3-Total-Cache-PHP-Code-Execution.html"
},
{
"name": "http://www.securityfocus.com/bid/59316",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/59316"
},
{
"name": "http://www.exploit-db.com/exploits/25137",
"refsource": "MISC",
"url": "http://www.exploit-db.com/exploits/25137"
},
{
"name": "http://www.openwall.com/lists/oss-security/2013/04/24/9",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2013/04/24/9"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-2010",
"datePublished": "2020-02-12T14:45:51.000Z",
"dateReserved": "2013-02-19T00:00:00.000Z",
"dateUpdated": "2024-08-06T15:20:37.485Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2009 (GCVE-0-2013-2009)
Vulnerability from cvelistv5 – Published: 2020-02-07 13:09 – Updated: 2024-08-06 15:20
VLAI?
Summary
WordPress WP Super Cache Plugin 1.2 has Remote PHP Code Execution
Severity ?
No CVSS data available.
CWE
- Remote PHP Code Execution Vulnerability
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| WP Super Cache Plugin authors | WP Super Cache Plugin |
Affected:
1.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:20:37.479Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/04/24/10"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/04/24/8"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/59470"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/04/24/12"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83799"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WP Super Cache Plugin",
"vendor": "WP Super Cache Plugin authors",
"versions": [
{
"status": "affected",
"version": "1.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "WordPress WP Super Cache Plugin 1.2 has Remote PHP Code Execution"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote PHP Code Execution Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-07T13:09:37.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2013/04/24/10"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2013/04/24/8"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securityfocus.com/bid/59470"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2013/04/24/12"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83799"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-2009",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WP Super Cache Plugin",
"version": {
"version_data": [
{
"version_value": "1.2"
}
]
}
}
]
},
"vendor_name": "WP Super Cache Plugin authors"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WordPress WP Super Cache Plugin 1.2 has Remote PHP Code Execution"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote PHP Code Execution Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.openwall.com/lists/oss-security/2013/04/24/10",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2013/04/24/10"
},
{
"name": "http://www.openwall.com/lists/oss-security/2013/04/24/8",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2013/04/24/8"
},
{
"name": "http://www.securityfocus.com/bid/59470",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/59470"
},
{
"name": "http://www.openwall.com/lists/oss-security/2013/04/24/12",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2013/04/24/12"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83799",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83799"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-2009",
"datePublished": "2020-02-07T13:09:37.000Z",
"dateReserved": "2013-02-19T00:00:00.000Z",
"dateUpdated": "2024-08-06T15:20:37.479Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2008 (GCVE-0-2013-2008)
Vulnerability from cvelistv5 – Published: 2020-02-07 13:06 – Updated: 2024-08-06 15:20
VLAI?
Summary
WordPress Super Cache Plugin 1.3 has XSS.
Severity ?
No CVSS data available.
CWE
- XSS
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Super Cache Plugin authors | Super Cache Plugin |
Affected:
1.3 (fixed in 1.3.1)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:20:37.440Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/04/24/10"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/04/24/8"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83798"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Super Cache Plugin",
"vendor": "Super Cache Plugin authors",
"versions": [
{
"status": "affected",
"version": "1.3 (fixed in 1.3.1)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "WordPress Super Cache Plugin 1.3 has XSS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XSS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-07T13:06:07.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2013/04/24/10"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2013/04/24/8"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83798"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-2008",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Super Cache Plugin",
"version": {
"version_data": [
{
"version_value": "1.3 (fixed in 1.3.1)"
}
]
}
}
]
},
"vendor_name": "Super Cache Plugin authors"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WordPress Super Cache Plugin 1.3 has XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.openwall.com/lists/oss-security/2013/04/24/10",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2013/04/24/10"
},
{
"name": "http://www.openwall.com/lists/oss-security/2013/04/24/8",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2013/04/24/8"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83798",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83798"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-2008",
"datePublished": "2020-02-07T13:06:07.000Z",
"dateReserved": "2013-02-19T00:00:00.000Z",
"dateUpdated": "2024-08-06T15:20:37.440Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}