CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2021-24430

HIGH
7.2
CVSS Severity Score
EPSS Score0.1410%
EPSS Percentile12.38th
Published2021年8月2日
Last Modified2024年11月21日

Vulnerability Description

The Speed Booster Pack ⚡ PageSpeed Optimization Suite WordPress plugin before 4.2.0 did not validate its caching_exclude_urls and caching_include_query_strings settings before outputting them in a PHP file, which could lead to RCE

Affected Platforms (CPE)

📦
Optimocha

Speed Booster Pack

< 4.2.0

References & Advisories

🔗 https://m0ze.ru/vulnerability/%5B2021-05-10%5D-%5BWordPress%5D-%5BCWE-94%5D-Speed-Booster-Pack-WordPress-Plugin-v4.2.0-beta.txt
🔗 https://wpscan.com/vulnerability/945d6d2e-fa25-42c0-a7b4-b1794732a0df
🔗 https://m0ze.ru/vulnerability/%5B2021-05-10%5D-%5BWordPress%5D-%5BCWE-94%5D-Speed-Booster-Pack-WordPress-Plugin-v4.2.0-beta.txt
🔗 https://wpscan.com/vulnerability/945d6d2e-fa25-42c0-a7b4-b1794732a0df

相關漏洞威脅

CVE-2021-250237.2

The Speed Booster Pack ⚡ PageSpeed Optimization Suite WordPress plugin before 4.3.3.1 does not escape the sbp_convert_table_name p...

CVE-2021-138810.0

A vulnerability in an API endpoint of Cisco ACI Multi-Site Orchestrator (MSO) installed on the Application Services Engine could a...

CVE-2021-2732910.0

Friendica 2021.01 allows SSRF via parse_url?binurl= for DNS lookups or HTTP requests to arbitrary domain names.

CVE-2021-2132110.0

fastify-reply-from is an npm package which is a fastify plugin to forward the current http request to another server. In fastify-r...