CVE-2021-24209 in WP Super Cache Plugin

Summary

by MITRE • 04/06/2021

The WP Super Cache WordPress plugin before 1.7.2 was affected by an authenticated (admin+) RCE in the settings page due to input validation failure and weak $cache_path check in the WP Super Cache Settings -> Cache Location option. Direct access to the wp-cache-config.php file is not prohibited, so this vulnerability can be exploited for a web shell injection.


Analysis

by VulDB Data Team • 04/10/2021

CVE-2021-24209 is an authenticated (admin+) remote code execution flaw in the WP Super Cache WordPress plugin, affecting versions before 1.7.2. It sits in the plugin's settings page, specifically in the Cache Location option under WP Super Cache Settings, where an administrator sets the directory the plugin writes cached pages to. The root cause is insufficient validation of that user-supplied cache path: the value is accepted without proper sanitisation, which gives an attacker who already holds an administrator account a path to code execution on the underlying host.

Technically, the flaw is a weak check on the $cache_path value submitted through the administrative interface. When the Cache Location setting is saved, the plugin neither verifies that the value is a plausible directory path nor sanitises it before persisting it into wp-cache-config.php, which is itself a PHP file. A crafted value can therefore carry PHP code into that file, and the code runs when the file is next loaded. The issue is dangerous precisely because it abuses legitimate administrative functionality: no memory corruption or authentication bypass is involved, only a trusted setting that is written to executable code without validation.

The operational impact goes beyond a one-off code execution. Because direct HTTP access to wp-cache-config.php is not prohibited, an attacker can request the file to trigger the injected code, which turns the flaw into a web shell. Code planted this way lives in a configuration file rather than in memory or in the plugin's own directory, so it survives server restarts and plugin updates until the file is cleaned. That persistent foothold can then be used for data exfiltration, lateral movement within the hosting environment, and continued unauthorised access. Every WordPress installation running a vulnerable plugin version is exposed, but exploitation requires an account with administrator privileges.

In ATT&CK terms, exploitation is primarily a persistence technique, Server Software Component: Web Shell (T1505.003), reached by abusing valid administrator credentials. On the CWE side it maps to CWE-20: Improper Input Validation and CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), since unvalidated input is emitted into PHP source. Remediation is to update WP Super Cache to version 1.7.2 or later, which adds proper validation of the cache path. Complementary controls are to limit and monitor administrator accounts, alert on modifications to wp-cache-config.php and other PHP files under wp-content, block direct web access to wp-cache-config.php at the web server, and audit WordPress installations regularly for similar settings-to-code paths in other plugins.
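The weak cache-path handling described above, beside a hardened version of the same check and an integrity test for an already-written config line, as an added example that is not part of the original page or of the plugin's own code. It models the Cache Location write in a simplified way: a line of the form `$cache_path = '<value>';` in wp-cache-config.php. WP_CONTENT_DIR, the function names, the regular expressions and the sample inputs are all assumptions made for illustration.

```python
"""Weak vs. hardened handling of the Cache Location value.

Added example, not code from the WP Super Cache plugin. It models (simplified
from the advisory) a plugin that takes the admin-supplied Cache Location and
rewrites the line  $cache_path = '<value>';  in wp-cache-config.php. The
WP_CONTENT_DIR value, function names and sample inputs are assumptions.
"""
import posixpath
import re

# Assumed web root layout; constructed for the example.
WP_CONTENT_DIR = "/var/www/html/wp-content"

# Shape of a benign assignment line: one single-quoted literal and nothing else.
_CLEAN_LINE = re.compile(r"^\$cache_path = '[^'\\]*';$")

# Characters a cache directory path legitimately needs; no quotes, spaces,
# semicolons or dollar signs, so the value can never break out of the literal.
_SAFE_CHARS = re.compile(r"[A-Za-z0-9_./-]+")


def render_config_line_unsafe(cache_path: str) -> str:
    """Vulnerable pattern: the value is interpolated into PHP source as-is.
    A value containing a single quote terminates the literal, and whatever
    follows is executed the next time the file is loaded or requested."""
    return f"$cache_path = '{cache_path}';"


def cache_path_line_is_clean(line: str) -> bool:
    """Integrity check for an existing line: True only if it is exactly one
    quoted-literal assignment. Useful when reviewing a server's
    wp-cache-config.php for injected code after the fact."""
    return _CLEAN_LINE.match(line.strip()) is not None


def validate_cache_path(cache_path: str) -> str:
    """Hardened check: reject anything outside a strict character set,
    normalise away '..' segments, and require the result to stay inside
    wp-content. Returns the canonical path with a trailing slash."""
    if not _SAFE_CHARS.fullmatch(cache_path):
        raise ValueError("cache path contains disallowed characters")
    canonical = posixpath.normpath(cache_path)
    if canonical != WP_CONTENT_DIR and not canonical.startswith(WP_CONTENT_DIR + "/"):
        raise ValueError("cache path must be an absolute path under wp-content")
    return canonical + "/"


def render_config_line_safe(cache_path: str) -> str:
    """Only ever writes a value that passed validate_cache_path(), so the
    resulting line always satisfies cache_path_line_is_clean()."""
    return f"$cache_path = '{validate_cache_path(cache_path)}';"


if __name__ == "__main__":
    benign = "/var/www/html/wp-content/cache/"
    # Constructed breakout value: closes the literal, adds a statement, reopens it.
    hostile = "/var/www/html/wp-content/cache/'; phpinfo(); $unused = '"

    print(render_config_line_unsafe(benign))
    print(render_config_line_unsafe(hostile))  # two PHP statements on one line
    print(cache_path_line_is_clean(render_config_line_unsafe(hostile)))

    print(render_config_line_safe(benign))
    for bad in (hostile, "/var/www/html/wp-content/../uploads/", "cache/"):
        try:
            render_config_line_safe(bad)
        except ValueError as err:
            print(f"rejected {bad!r}: {err}")
```

The hardened path rejects the breakout value, a `..` traversal out of wp-content, and a relative path, and it canonicalises before the containment check so that a path which only looks like it is under wp-content is caught. Validation alone does not address the second half of the advisory; denying direct web access to wp-cache-config.php remains a separate, worthwhile hardening step.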

Reservation

01/14/2021

Disclosure

04/06/2021

Moderation

accepted

CPE

ready

EPSS

0.23844

KEV

no

Activities

very low

Sources
