返回 CVE 瀏覽器

CVE-2021-24430

HIGH

7.2

CVSS Severity Score

EPSS Score0.1410%

EPSS Percentile12.38th

Published2021年8月2日

Last Modified2024年11月21日

Vulnerability Description

The Speed Booster Pack ⚡ PageSpeed Optimization Suite WordPress plugin before 4.2.0 did not validate its caching_exclude_urls and caching_include_query_strings settings before outputting them in a PHP file, which could lead to RCE

Affected Platforms (CPE)

📦

Optimocha

Speed Booster Pack

< 4.2.0

References & Advisories

🔗 https://m0ze.ru/vulnerability/%5B2021-05-10%5D-%5BWordPress%5D-%5BCWE-94%5D-Speed-Booster-Pack-WordPress-Plugin-v4.2.0-beta.txt

🔗 https://wpscan.com/vulnerability/945d6d2e-fa25-42c0-a7b4-b1794732a0df

🔗 https://m0ze.ru/vulnerability/%5B2021-05-10%5D-%5BWordPress%5D-%5BCWE-94%5D-Speed-Booster-Pack-WordPress-Plugin-v4.2.0-beta.txt

🔗 https://wpscan.com/vulnerability/945d6d2e-fa25-42c0-a7b4-b1794732a0df

相關漏洞威脅

CVE-2021-250237.2

The Speed Booster Pack ⚡ PageSpeed Optimization Suite WordPress plugin before 4.3.3.1 does not escape the sbp_convert_table_name p...

CVE-2021-4422810.0

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration...

CVE-2021-4155610.0

sqclass.cpp in Squirrel through 2.2.5 and 3.x through 3.1 allows an out-of-bounds read (in the core interpreter) that can lead to ...

CVE-2021-2732910.0

Friendica 2021.01 allows SSRF via parse_url?binurl= for DNS lookups or HTTP requests to arbitrary domain names.