Exploitation Summary
EIP tracks 1 public exploit for CVE-2013-2009. PoCs published by anonymous.
AI-analyzed exploit summary This exploit leverages a PHP code execution vulnerability in WP Super Cache 1.2 by injecting PHP code within mfunc tags, which are processed by the plugin. The provided payload echoes the PHP version, demonstrating arbitrary code execution.
Description
WordPress WP Super Cache Plugin 1.2 has Remote PHP Code Execution
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by anonymous · textwebappsphp
https://www.exploit-db.com/exploits/38494
This exploit leverages a PHP code execution vulnerability in WP Super Cache 1.2 by injecting PHP code within mfunc tags, which are processed by the plugin. The provided payload echoes the PHP version, demonstrating arbitrary code execution.
Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target:
WP Super Cache 1.2
No auth needed
Prerequisites:
WordPress with WP Super Cache 1.2 installed and active
MITRE ATT&CK
mistral-large-3 · analyzed Feb 16, 2026
Full analysis →
References (5)
Core 5
Core References
Exploit, Mailing List, Third Party Advisory x_refsource_misc
http://www.openwall.com/lists/oss-security/2013/04/24/10
Mailing List, Patch, Third Party Advisory x_refsource_misc
http://www.openwall.com/lists/oss-security/2013/04/24/8
Third Party Advisory, VDB Entry x_refsource_misc
http://www.securityfocus.com/bid/59470
Exploit, Mailing List, Third Party Advisory x_refsource_misc
http://www.openwall.com/lists/oss-security/2013/04/24/12
Third Party Advisory, VDB Entry x_refsource_misc
https://exchange.xforce.ibmcloud.com/vulnerabilities/83799
Scores
CVSS v3
8.8
EPSS
0.1298
EPSS Percentile
95.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
Status
published
Products (1)
automattic/wp_super_cache
1.2
Published
Feb 07, 2020
Tracked Since
Feb 18, 2026