Description

Two very popular WordPress caching plugins (WP Super Cache and W3 Total Cache) are vulnerable to PHP code execution via interpretation of dynamic snippets, that are contained inside a number of specific HTML-comment tags. WP Super Cache (before version 1.3) and W3 Total Cache (before version 0.9.2.9) are vulnerable to this issue.

Remediation

Upgrade the vulnerable plugin(s) to the latest version.

References

WP Caching plugin vulnerability debrief

WP Super Cache

W3 Total Cache

Initial report of the vulnerability

Related Vulnerabilities

Oracle Database Server CVE-2007-0268 Vulnerability (CVE-2007-0268)

Atlassian Jira URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2018-13402)

Dolibarr Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-19993)

XWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-36477)

phpList Access of Resource Using Incompatible Type ('Type Confusion') Vulnerability (CVE-2020-8547)

Severity

High

Classification

CVE-2013-2010 CWE-95 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Tags

Code Execution Known Vulnerabilities