PHP Code Execution Vulnerability in W3 Super Cache Plugin by WordPress
CVE-2013-2011

8.8HIGH

Key Information:

Vendor
Wordpress
Status
Super Cache Plugin
Vendor
CVE Published:
26 December 2019

Summary

The W3 Super Cache Plugin for WordPress, prior to version 1.3.2, suffers from a PHP code-execution vulnerability that allows remote attackers to inject arbitrary code. This vulnerability resulted from an incomplete resolution of an earlier issue, affecting the plugin's security posture. It’s critical for website administrators utilizing this plugin to promptly update to the latest version to mitigate potential exploitation risks.

Affected Version(s)

Super Cache Plugin 1.3.2

References

https://security-tracker.debian.org/tracker/CVE-2013-2011
x_refsource_MISC
http://www.securityfocus.com/bid/59473
x_refsource_MISC
http://www.openwall.com/lists/oss-security/2013/04/25/4
x_refsource_MISC

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.