CVE-2021-24312

Name of the Vulnerable Software and Affected Versions WP Super Cache versions prior to 1.7.3

Description The issue arises from the parameters $cache path, $wp cache debug ip, $wp super cache front page text, $cache scheduled time, $cached direct pages in the WP Super Cache WordPress plugin settings, which allow input of special characters like $ and . This leads to remote code execution (RCE) due to an incomplete fix of a previous security issue.

Recommendations For versions prior to 1.7.3, update to version 1.7.3 or later to resolve the issue. As a temporary workaround, consider restricting input for the parameters $cache path, $wp cache debug ip, $wp super cache front page text, $cache scheduled time, $cached direct pages to prevent the use of special characters like $ and .