CVE-2013-2009

HIGH

WordPress WP Super Cache Plugin <1.2 - RCE

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-2009. PoCs published by anonymous.

AI-analyzed exploit summary This exploit leverages a PHP code execution vulnerability in WP Super Cache 1.2 by injecting PHP code within mfunc tags, which are processed by the plugin. The provided payload echoes the PHP version, demonstrating arbitrary code execution.

Description

WordPress WP Super Cache Plugin 1.2 has Remote PHP Code Execution

Exploits (1)

exploitdb WORKING POC VERIFIED
by anonymous · textwebappsphp
https://www.exploit-db.com/exploits/38494

This exploit leverages a PHP code execution vulnerability in WP Super Cache 1.2 by injecting PHP code within mfunc tags, which are processed by the plugin. The provided payload echoes the PHP version, demonstrating arbitrary code execution.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: WP Super Cache 1.2
No auth needed
Prerequisites: WordPress with WP Super Cache 1.2 installed and active
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Exploit, Mailing List, Third Party Advisory x_refsource_misc
http://www.openwall.com/lists/oss-security/2013/04/24/10
Mailing List, Patch, Third Party Advisory x_refsource_misc
http://www.openwall.com/lists/oss-security/2013/04/24/8
Third Party Advisory, VDB Entry x_refsource_misc
http://www.securityfocus.com/bid/59470
Exploit, Mailing List, Third Party Advisory x_refsource_misc
http://www.openwall.com/lists/oss-security/2013/04/24/12
Third Party Advisory, VDB Entry x_refsource_misc
https://exchange.xforce.ibmcloud.com/vulnerabilities/83799

Scores

CVSS v3 8.8
EPSS 0.1298
EPSS Percentile 95.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

Status published
Products (1)
automattic/wp_super_cache 1.2
Published Feb 07, 2020
Tracked Since Feb 18, 2026