CVE-2021-24209: 
WordPress vulnerability analysis and mitigation

The WP Super Cache WordPress plugin before version 1.7.2 contained an authenticated Remote Code Execution (RCE) vulnerability identified as CVE-2021-24209. The vulnerability was present in the settings page due to input validation failure and weak $cache_path check in the WP Super Cache Settings -> Cache Location option. Since direct access to the wp-cache-config.php file was not prohibited, this vulnerability could be exploited for web shell injection (WPScan Advisory, NVD).

The vulnerability is classified as CWE-94 (Improper Control of Generation of Code) with a CVSS v3.1 base score of 7.2 (High). The exploit requires high privileges (admin+) but can be executed with low attack complexity and no user interaction. The vulnerability could also be chained with XSS vulnerabilities in other plugins to achieve RCE (WPScan Advisory).

If successfully exploited, the vulnerability allows an authenticated attacker with admin privileges to execute arbitrary code on the affected system, potentially leading to complete system compromise. The vulnerability affects confidentiality, integrity, and availability of the system, as indicated by the CVSS metrics (NVD).

The vulnerability was patched in WP Super Cache version 1.7.2. Users are strongly advised to update to this version or later to mitigate the risk. However, it should be noted that an incomplete fix led to a subsequent vulnerability (CVE-2021-24312) that was later addressed in version 1.7.3 (WPScan Advisory).