GCVE - cpe:2.3:a:automattic:wp_super_cache:*:*:*:*:*:wordpress:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:automattic:wp_super_cache:*:*:*:*:*:wordpress:*:*

part: a version: * update: *

Vendor	Automattic (`1dc39c9b-4ddb-5af6-acf4-410b436129a9`)
Product	Wp Super Cache (`581df3b7-a4a5-546e-9d49-314594169fc9`)
Edition	*
Language	*
Software edition	*
Target software	wordpress
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2021-24329`	vulnerable	2026-06-03 14:43:56.828808	WP Super Cache < 1.7.3 - Authenticated Stored Cross-Site Scripting (XSS) The WP Super Cache WordPress plugin before 1.7.3 did not properly sanitise its wp_cache_location parameter in its settings, which could lead to a Stored Cross-Site Scripting issue. Published: 2021-06-01T11:33:31.000Z Updated: 2024-08-03T19:28:23.520Z Open on db.gcve.eu Reference links https://wpscan.com/vulnerability/9df86d05-1408-4c22-af55-5e3d44249fd0 https://m0ze.ru/vulnerability/%5B2021-03-23%5D-%5BWordPress%5D-%5BCWE-79%5D-WP-Super-Cache-WordPress-Plugin-v1.7.2.txt	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-24312`	vulnerable	2026-06-03 14:43:56.794690	WP Super Cache < 1.7.3 - Authenticated Remote Code Execution The parameters $cache_path, $wp_cache_debug_ip, $wp_super_cache_front_page_text, $cache_scheduled_time, $cached_direct_pages used in the settings of WP Super Cache WordPress plugin before 1.7.3 result in RCE because they allow input of '$' and '\n'. This is due to an incomplete fix of CVE-2021-24209. Published: 2021-06-01T11:33:30.000Z Updated: 2024-08-03T19:28:23.442Z Open on db.gcve.eu Reference links https://wpscan.com/vulnerability/2142c3d3-9a7f-4e3c-8776-d469a355d62f	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-24209`	vulnerable	2026-06-03 14:43:56.461714	WP Super Cache < 1.7.2 - Authenticated Remote Code Execution (RCE) The WP Super Cache WordPress plugin before 1.7.2 was affected by an authenticated (admin+) RCE in the settings page due to input validation failure and weak $cache_path check in the WP Super Cache Settings -> Cache Location option. Direct access to the wp-cache-config.php file is not prohibited, so this vulnerability can be exploited for a web shell injection. Published: 2021-04-05T18:27:46.000Z Updated: 2024-08-03T19:21:18.735Z Open on db.gcve.eu Reference links https://wpscan.com/vulnerability/733d8a02-0d44-4b78-bbb2-37e447acd2f3 https://plugins.trac.wordpress.org/changeset/2496238/wp-super-cache	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2013-2010`	vulnerable	2026-06-03 14:32:53.149710	Details available WordPress W3 Total Cache Plugin 0.9.2.8 has a Remote PHP Code Execution Vulnerability Published: 2020-02-12T14:45:51.000Z Updated: 2024-08-06T15:20:37.485Z Open on db.gcve.eu Reference links http://packetstormsecurity.com/files/130999/WordPress-W3-Total-Cache-PHP-Code-Execution.html http://www.securityfocus.com/bid/59316 http://www.exploit-db.com/exploits/25137 http://www.openwall.com/lists/oss-security/2013/04/24/9	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.