• Two very popular WordPress caching plugins (WP Super Cache and W3 Total Cache) are vulnerable to PHP code execution via interpretation of dynamic snippets, that are contained inside a number of specific HTML-comment tags. WP Super Cache (before version 1.3) and W3 Total Cache (before version 0.9.2.9) are vulnerable to this issue.

• Upgrade the vulnerable plugin(s) to the latest version.

• • WP Caching plugin vulnerability debrief
  • WP Super Cache
  • W3 Total Cache
  • Initial report of the vulnerability

• 

• CVE-2013-2010

• CWE-95

• CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

• Code Execution Known Vulnerabilities

• WordPress Plugin BJ Lazy Load Remote Code Execution (0.7.5)
• WordPress Plugin WP-Syntax Remote PHP Code Execution (0.9.9)
• WordPress Plugin eShop Code Injection (6.3.11)
• Oracle Reports rwservlet vulnerabilities
• Drupal Core 5.x Arbitrary Code Execution (5.0 - 5.2)