The parameters $cachepath, $wpcachedebugip, $wpsupercachefrontpagetext, $cachescheduledtime, $cacheddirect_pages used in the settings of WP Super Cache WordPress plugin before 1.7.3 result in RCE because they allow input of '$' and '\n'. This is due to an incomplete fix of CVE-2021-24209.