CVE-2021-24209

7.2 HIGH

📋 TL;DR

This vulnerability allows authenticated WordPress users with administrator privileges to execute arbitrary code on servers running vulnerable versions of the WP Super Cache plugin. Attackers can abuse input validation failures and weak path checks in the plugin's settings page to write a web shell, leading to remote code execution. Only WordPress sites with the WP Super Cache plugin installed and active are affected.

💻 Affected Systems

Products:
  • WordPress WP Super Cache Plugin
Versions: All versions before 1.7.2
Operating Systems: All operating systems running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires WordPress installation with WP Super Cache plugin active and at least one user with admin privileges.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete server compromise allowing attackers to execute arbitrary commands, steal data, install persistent backdoors, or pivot to other systems.

🟠 Likely Case

Attackers gain web shell access leading to data exfiltration, defacement, or installation of cryptocurrency miners/malware.

🟢 If Mitigated

Limited impact if proper access controls restrict admin privileges and file permissions are properly configured.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires admin-level credentials but is straightforward once access is obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.7.2 and later

Vendor Advisory: https://plugins.trac.wordpress.org/changeset/2496238/wp-super-cache

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find WP Super Cache and click 'Update Now'.
4. Alternatively, download version 1.7.2+ from WordPress.org and manually replace the plugin files.

🔧 Temporary Workarounds

Restrict wp-cache-config.php access

Platform: linux

Add .htaccess rules to block direct access to the vulnerable configuration file. The directives below use Apache 2.2 access-control syntax; on Apache 2.4 they require mod_access_compat (otherwise use `Require all denied` inside the same `<Files>` block). This only blocks direct HTTP requests to the file; it does not stop an authenticated administrator from modifying it through the plugin settings page.

<Files "wp-cache-config.php">
Order Allow,Deny
Deny from all
</Files>

Remove admin privileges

Platform: all

Review and reduce admin-level users to only essential personnel

🧯 If You Can't Patch

  • Disable WP Super Cache plugin immediately
  • Implement strict file permissions (644 for wp-cache-config.php) and monitor for unauthorized modifications

🔍 How to Verify

Check if Vulnerable:

Check WP Super Cache plugin version in WordPress admin panel under Plugins → Installed Plugins

Check Version:

grep "Version:" wp-content/plugins/wp-super-cache/wp-cache.php

Verify Fix Applied:

Confirm plugin version is 1.7.2 or higher and test that wp-cache-config.php cannot be directly accessed
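The version check above can be scripted so it runs the same way across many sites. The following is an added example, not code from the page or from the WP Super Cache project: it parses the `Version:` line of the plugin header (the same line the `grep` above matches) and compares it against 1.7.2, the first fixed release named in this advisory. The sample header text is constructed for the example; `check_plugin_file` reads a real `wp-cache.php` path you supply.

```python
import re

# First release carrying the fix for CVE-2021-24209, per the advisory above.
FIXED_VERSION = "1.7.2"

# Constructed sample of a WordPress plugin header block, in the layout found at
# the top of wp-content/plugins/wp-super-cache/wp-cache.php. The version value
# is made up for this example.
SAMPLE_HEADER = """<?php
/*
Plugin Name: WP Super Cache
Plugin URI: https://wordpress.org/plugins/wp-super-cache/
Description: Very fast caching plugin for WordPress.
Version: 1.7.1
Author: Automattic
*/
"""

# Matches "Version: 1.7.1" (optionally preceded by a comment asterisk).
_VERSION_RE = re.compile(r"^\s*\*?\s*Version:\s*([0-9][0-9A-Za-z.\-]*)", re.MULTILINE)


def parse_plugin_version(header_text):
    """Return the value of the 'Version:' header line, or None if it is absent."""
    m = _VERSION_RE.search(header_text)
    return m.group(1) if m else None


def version_tuple(v):
    """Turn '1.7.2' into (1, 7, 2); a non-numeric suffix such as '-beta' is ignored."""
    parts = []
    for piece in v.split("."):
        digits = re.match(r"\d+", piece)
        if not digits:
            break
        parts.append(int(digits.group(0)))
    return tuple(parts)


def is_vulnerable(version):
    """True when the installed version is older than the first fixed release."""
    return version_tuple(version) < version_tuple(FIXED_VERSION)


def check_plugin_file(path):
    """Read a real wp-cache.php and return (version, vulnerable); (None, None) if no header."""
    with open(path, encoding="utf-8", errors="replace") as f:
        head = f.read(4096)  # the header block sits in the first few KB
    v = parse_plugin_version(head)
    if v is None:
        return None, None
    return v, is_vulnerable(v)


if __name__ == "__main__":
    v = parse_plugin_version(SAMPLE_HEADER)
    state = "VULNERABLE (update to 1.7.2 or later)" if is_vulnerable(v) else "patched"
    print(f"WP Super Cache {v}: {state}")
```

Comparing version components as integer tuples rather than strings matters here: a plain string comparison would rank "1.7.10" below "1.7.2" and report a patched install as vulnerable.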

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to /wp-admin/options-general.php?page=wpsupercache
  • File modifications to wp-cache-config.php
  • Suspicious PHP code in cache configuration files

Network Indicators:

  • Unexpected outbound connections from web server following admin panel access

SIEM Query:

source="web_access.log" AND (uri="/wp-admin/options-general.php" AND params LIKE "%page=wpsupercache%")
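For sites without a SIEM, the same log indicator can be checked directly against the web server's access log. The block below is an added example, not part of this page: it parses Apache/nginx combined-format lines, keeps only POST requests to `/wp-admin/options-general.php` whose `page` parameter is `wpsupercache` (the settings page named in the indicators above), and counts them per source address so an unexpected client stands out. The log lines, IP addresses and user agents are constructed for the example.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Combined log format:
#   ip ident user [time] "METHOD target HTTP/x" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+) '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# The WP Super Cache settings page from the Log Indicators above.
SETTINGS_PATH = "/wp-admin/options-general.php"
SETTINGS_PAGE = "wpsupercache"

# Constructed sample log; addresses, times and agents are made up for this example.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Mar/2021:13:55:36 +0000] "GET /wp-admin/options-general.php?page=wpsupercache HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Mar/2021:13:55:41 +0000] "POST /wp-admin/options-general.php?page=wpsupercache HTTP/1.1" 302 0 "https://example.test/wp-admin/" "Mozilla/5.0"
198.51.100.7 - - [10/Mar/2021:14:02:10 +0000] "GET /index.php HTTP/1.1" 200 8732 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Mar/2021:13:55:44 +0000] "POST /wp-admin/options-general.php?page=wpsupercache&tab=advanced HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.9 - - [10/Mar/2021:15:20:02 +0000] "POST /wp-admin/options-general.php?page=wpsupercache HTTP/1.1" 302 0 "-" "python-requests/2.25.1"
"""


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def is_supercache_settings_post(entry):
    """True for POST requests to the WP Super Cache settings page."""
    if entry["method"] != "POST":
        return False
    parts = urlsplit(entry["target"])
    if parts.path != SETTINGS_PATH:
        return False
    # parse_qs handles extra parameters such as "&tab=advanced".
    return SETTINGS_PAGE in parse_qs(parts.query).get("page", [])


def find_settings_posts(log_text):
    """Return the parsed entries for every POST to the plugin settings page."""
    return [
        e for e in (parse_line(l) for l in log_text.splitlines())
        if e and is_supercache_settings_post(e)
    ]


def posts_by_ip(log_text):
    """Count settings-page POSTs per source address for triage."""
    counts = {}
    for e in find_settings_posts(log_text):
        counts[e["ip"]] = counts.get(e["ip"], 0) + 1
    return counts


if __name__ == "__main__":
    for e in find_settings_posts(SAMPLE_LOG):
        print(f"{e['time']} {e['ip']} POST {e['target']} ua={e['ua']!r}")
    print("per-IP counts:", posts_by_ip(SAMPLE_LOG))
```

Every legitimate save of the plugin settings also produces one of these POSTs, so the hit list is a triage queue rather than an alert on its own: correlate each entry with the admin session that made it, and pair it with the file-modification indicator above by checking whether `wp-cache-config.php` changed shortly after the request.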
