VYPR

WP Super Cache

by WordPress

CVEs (3)

  • CVE-2021-24209HigApr 5, 2021
    risk 0.49cvss 7.2epss 0.24

    The WP Super Cache WordPress plugin before 1.7.2 was affected by an authenticated (admin+) RCE in the settings page due to input validation failure and weak $cache_path check in the WP Super Cache Settings -> Cache Location option. Direct access to the wp-cache-config.php file…

  • CVE-2021-24312HigJun 1, 2021
    risk 0.47cvss 7.2epss 0.02

    The parameters $cache_path, $wp_cache_debug_ip, $wp_super_cache_front_page_text, $cache_scheduled_time, $cached_direct_pages used in the settings of WP Super Cache WordPress plugin before 1.7.3 result in RCE because they allow input of '$' and '\n'. This is due to an incomplete…

  • CVE-2021-24329MedJun 1, 2021
    risk 0.35cvss 5.4epss 0.03

    The WP Super Cache WordPress plugin before 1.7.3 did not properly sanitise its wp_cache_location parameter in its settings, which could lead to a Stored Cross-Site Scripting issue.