PT-2021-15754 · WordPress · WP Super Cache

Author: M0Ze
Published: 2021-04-05 · Updated: 2023-07-04
CVE: CVE-2021-24209
CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: WP Super Cache versions prior to 1.7.2
Description: The issue is an authenticated remote code execution (RCE) in the settings page of the WP Super Cache WordPress plugin. It stems from insufficient input validation and a weak check of the $cache path variable set through the WP Super Cache Settings -> Cache Location option. The vulnerability can be exploited for web shell injection because direct access to the wp-cache-config.php file is not prohibited.
Recommendations: For versions prior to 1.7.2, update to version 1.7.2 or later to resolve the issue. As a temporary workaround, restrict access to the WP Super Cache Settings -> Cache Location option to reduce the risk of exploitation, and restrict direct access to the wp-cache-config.php file until the update is applied.

Tags: Exploit, Fix, RCE, Code Injection
Weakness Enumeration:
Related Identifiers: CVE-2021-24209
Affected Products: WP Super Cache