CVE-2024-8512

Name of the Vulnerable Software and Affected Versions: W3SPEEDSTER plugin for WordPress versions up to, and including, 7.26

Description: The issue allows for Remote Code Execution due to the plugin passing user-supplied input to eval(). This is possible via the script parameter of the hookBeforeStartOptimization() function, making it possible for authenticated attackers with Administrator-level access and above to execute code on the server.

Recommendations: For versions up to, and including, 7.26, consider disabling the hookBeforeStartOptimization() function until a patch is available to prevent exploitation. Restrict access to the script parameter to minimize the risk of exploitation. Update to a version that fixes the issue, once available.