• Two very popular WordPress caching plugins (WP Super Cache and W3 Total Cache) are vulnerable to PHP code execution via interpretation of dynamic snippets, that are contained inside a number of specific HTML-comment tags. WP Super Cache (before version 1.3) and W3 Total Cache (before version 0.9.2.9) are vulnerable to this issue.

• Upgrade the vulnerable plugin(s) to the latest version.

• • WP Caching plugin vulnerability debrief
  • WP Super Cache
  • W3 Total Cache
  • Initial report of the vulnerability

• 

• CVE-2013-2010

• CWE-95

• CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

• Code Execution Known Vulnerabilities

• WordPress Plugin VaultPress Man-in-The-Middle (MiTM) Remote Code Execution (1.8.6)
• Jboss Application Server HTTPServerILServlet.java remote code execution
• Remote code execution vulnerability in WordPress Duplicator
• WordPress Plugin WP-Filebase Download Manager Remote Code Execution (0.3.0.03)
• WordPress Plugin Insert PHP PHP Code Injection (1.3)