{"id":"CVE-2021-24312","details":"The parameters $cache_path, $wp_cache_debug_ip, $wp_super_cache_front_page_text, $cache_scheduled_time, $cached_direct_pages used in the settings of WP Super Cache WordPress plugin before 1.7.3 result in RCE because they allow input of '$' and '\\n'. This is due to an incomplete fix of CVE-2021-24209.","modified":"2026-04-10T04:30:49.890826Z","published":"2021-06-01T14:15:08.887Z","references":[{"type":"EVIDENCE","url":"https://wpscan.com/vulnerability/2142c3d3-9a7f-4e3c-8776-d469a355d62f"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/automattic/wp-super-cache","events":[{"introduced":"0"},{"fixed":"c6f6ec80296cf28abd210457c1d2896c4d5094f2"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.7.3"}]}}],"versions":["1.4","1.4.3","1.4.4","1.4.5","1.4.6","1.4.8","1.5.0","1.5.1","1.5.2","1.5.3","1.5.4","1.5.5","1.5.6","1.5.7","1.5.7.1","1.5.8","1.5.9","1.6.0","1.6.1","1.6.2","1.6.3","1.6.4","1.6.5","1.6.6","1.6.7","1.6.8","1.6.9","1.7.0","1.7.1","1.7.2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-24312.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}]}