WordPress · WP Super Cache · CVE-2021-24312
**Name of the Vulnerable Software and Affected Versions**
WP Super Cache versions prior to 1.7.3
**Description**
The issue arises from the parameters `$cache_path`, `$wp_cache_debug_ip`, `$wp_super_cache_front_page_text`, `$cache_scheduled_time`, `$cached_direct_pages` in the WP Super Cache WordPress plugin settings, which allow input of special characters like `$` and `\n`. This leads to remote code execution (RCE) due to an incomplete fix of a previous security issue.
**Recommendations**
For versions prior to 1.7.3, update to version 1.7.3 or later to resolve the issue. As a temporary workaround, consider restricting input for the parameters `$cache_path`, `$wp_cache_debug_ip`, `$wp_super_cache_front_page_text`, `$cache_scheduled_time`, `$cached_direct_pages` to prevent the use of special characters like `$` and `\n`.
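The temporary workaround above, sketched as an added PHP example (not WP Super Cache's own code and not the fix shipped in 1.7.3): a check that reports `$` and newline characters in the five named settings, including values nested in arrays. The function names and the shape of the submitted array are assumptions.

```php
<?php
// Added example, not plugin code. Setting names are from the advisory; the rest is assumed.
const GUARDED_SETTINGS = [
    'cache_path',
    'wp_cache_debug_ip',
    'wp_super_cache_front_page_text',
    'cache_scheduled_time',
    'cached_direct_pages',
];
// The two characters the advisory names.
const FORBIDDEN_CHARS = ['$' => 'dollar sign', "\n" => 'newline'];

// Collect findings for one value; arrays are walked recursively.
function find_forbidden(string $name, $value): array
{
    $findings = [];
    if (is_array($value)) {
        foreach ($value as $key => $item) {
            $findings = array_merge($findings, find_forbidden("{$name}[{$key}]", $item));
        }
        return $findings;
    }
    foreach (FORBIDDEN_CHARS as $char => $label) {
        if (strpos((string) $value, (string) $char) !== false) {
            $findings[] = "{$name}: contains {$label}";
        }
    }
    return $findings;
}

// An empty result means every guarded setting present in $submitted is clean.
function check_settings(array $submitted): array
{
    $findings = [];
    foreach (GUARDED_SETTINGS as $name) {
        if (array_key_exists($name, $submitted)) {
            $findings = array_merge($findings, find_forbidden('$' . $name, $submitted[$name]));
        }
    }
    return $findings;
}

// Constructed sample input.
$sample = [
    'cache_path'          => "/var/www/cache/\n",
    'wp_cache_debug_ip'   => '192.0.2.10',
    'cached_direct_pages' => ['/about/', '/pricing/$x'],
];
echo implode(PHP_EOL, check_settings($sample)), PHP_EOL;
```

Call `check_settings()` on submitted values before they are saved and refuse the request when it returns any finding.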