• Two very popular WordPress caching plugins (WP Super Cache and W3 Total Cache) are vulnerable to PHP code execution via interpretation of dynamic snippets, that are contained inside a number of specific HTML-comment tags. WP Super Cache (before version 1.3) and W3 Total Cache (before version 0.9.2.9) are vulnerable to this issue.

• Upgrade the vulnerable plugin(s) to the latest version.

• • WP Caching plugin vulnerability debrief
  • WP Super Cache
  • W3 Total Cache
  • Initial report of the vulnerability

• 

• CVE-2013-2010

• CWE-95

• CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

• Code Execution Known Vulnerabilities

• WordPress 'wp-admin/options.php' Remote Code Execution Vulnerability (0.6.2 - 2.3.2)
• JBoss Seam framework remote code execution
• ColdFusion JNDI injection RCE
• WordPress Plugin File Manager Remote Code Execution (4.1)
• WordPress 2.0.2 Username Remote PHP Code Injection Vulnerability (0.6.2 - 2.0.2)