CVE-2013-2011

WordPress W3 Super Cache Plugin before 1.3.2 contains a PHP code-execution vulnerability which could allow remote attackers to inject arbitrary code. This issue exists because of an incomplete fix for CVE-2013-2009.

Published: Dec 26, 2019
Updated: Aug 18, 2024
CVE: CVE-2013-2011
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-116

Affected Software
References

Software	From	Fixed in
automattic / w3_super_cache	-	1.3.2
WP Super Cache	-	1.3.2

http://www.acunetix.com/blog/web-security-zone/wp-plugins-remote-code-execution/
http://www.openwall.com/lists/oss-security/2013/04/25/4
http://www.securityfocus.com/bid/59473
https://blog.sucuri.net/2013/04/update-wp-super-cache-and-w3tc-immediately-remote-code-execution-vulnerability-disclosed.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/83800
https://security-tracker.debian.org/tracker/CVE-2013-2011
https://wordpress.org/support/topic/pwn3d

Vulnerability Database

290,020

CVE-2013-2011