WP Super Cache Vulnerabilities

The WP Super Cache plugin for WordPress is vulnerable to Unauthenticated Cache Poisoning in versions up to, and including, 1.8. This is due to insufficient parsing of URLs containing double slashes. This makes it possible for unauthenticated attackers to poison the site's cache p...

The parameters $cache_path, $wp_cache_debug_ip, $wp_super_cache_front_page_text, $cache_scheduled_time, $cached_direct_pages used in the settings of WP Super Cache WordPress plugin before 1.7.3 result in RCE because they allow input of '$' and '\n'. This is due to an incomplete f...

The Twitter Bootstrap Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wp_cache_location' parameter in versions up to, and including, 1.7.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attack...

The WP Super Cache WordPress plugin before 1.7.2 was affected by an authenticated (admin+) RCE in the settings page due to input validation failure and weak $cache_path check in the WP Super Cache Settings -> Cache Location option. Direct access to the wp-cache-config.php file is...

The WP Super Cashe plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 1.4.8 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browse...

The WP Super Cache plugin for WordPress is vulnerable to Authenticated File Deletion in versions up to, and including, 1.4.4. Code that sanitized directory paths when deleting cache files wasn't secure and might allow an attacker to view or delete files named index.html. This mak...

The WP Super Cache plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.4.4 via deserialization of untrusted input. This allows attackers to inject a PHP Object into cache files. If the cache file is accessed, it could allow the attacker...

The WP Super Cache plugin for WordPress is vulnerable to Directory Listing in versions up to, and including, 1.4.4. This allows unauthenticated attackers to read the contents of arbitrary directories on the server, which can contain sensitive information.

The WP Super Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `$details[ ‘key’ ]` value in versions up to, and including, 1.4.3 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web...

WordPress W3 Super Cache Plugin before 1.3.2 contains a PHP code-execution vulnerability which could allow remote attackers to inject arbitrary code. This issue exists because of an incomplete fix for CVE-2013-2009.

The WP Super Cache plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 1.2. This allows unauthenticated attackers to execute code on the server.

The WordPress Super Cache Plugin 1.3 has XSS via several vulnerable parameters.