CyberSec.Space Logo
Back to CVE Browser

CVE-2021-24430

HIGH
7.2
CVSS Severity Score
EPSS Score0.1410%
EPSS Percentile12.38th
PublishedAug 2, 2021
Last ModifiedNov 21, 2024

Vulnerability Description

The Speed Booster Pack ⚑ PageSpeed Optimization Suite WordPress plugin before 4.2.0 did not validate its caching_exclude_urls and caching_include_query_strings settings before outputting them in a PHP file, which could lead to RCE

Affected Platforms (CPE)

πŸ“¦
Optimocha

Speed Booster Pack

< 4.2.0

References & Advisories

πŸ”— https://m0ze.ru/vulnerability/%5B2021-05-10%5D-%5BWordPress%5D-%5BCWE-94%5D-Speed-Booster-Pack-WordPress-Plugin-v4.2.0-beta.txt
πŸ”— https://wpscan.com/vulnerability/945d6d2e-fa25-42c0-a7b4-b1794732a0df
πŸ”— https://m0ze.ru/vulnerability/%5B2021-05-10%5D-%5BWordPress%5D-%5BCWE-94%5D-Speed-Booster-Pack-WordPress-Plugin-v4.2.0-beta.txt
πŸ”— https://wpscan.com/vulnerability/945d6d2e-fa25-42c0-a7b4-b1794732a0df

Related Vulnerabilities

CVE-2021-250237.2

The Speed Booster Pack ⚑ PageSpeed Optimization Suite WordPress plugin before 4.3.3.1 does not escape the sbp_convert_table_name p...

CVE-2021-224810.0

Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Server). The supported version that...

CVE-2021-224410.0

Vulnerability in the Hyperion Analytic Provider Services product of Oracle Hyperion (component: JAPI) and Essbase Analytic Provide...

CVE-2021-225610.0

Vulnerability in the Oracle Storage Cloud Software Appliance product of Oracle Storage Gateway (component: Management Console). Th...