CVE-2023-5359

🗓️ 24 Sep 2024 07:30:45Reported by WordfenceType

cve🔗 web.nvd.nist.gov📰️ 1 Media mentions👁 169 Views🌐 WEB

W3 Total Cache plugin vulnerable to storing Google OAuth API secrets in plaintex

Reporter	Title	Published	Views	Family All 12
GithubExploit	Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Boldgrid W3_Total_Cache	7 Nov 202520:31	–	githubexploit
Circl	CVE-2023-5359	11 Mar 202522:00	–	circl
CNNVD	WordPress plugin W3 Total Cache 信息泄露漏洞	25 Sep 202400:00	–	cnnvd
Cvelist	CVE-2023-5359 W3 Total Cache <= 2.7.5 - Sensitive Credentials Stored in Plaintext	24 Sep 202407:30	–	cvelist
EUVD	EUVD-2023-57675	3 Oct 202520:07	–	euvd
NVD	CVE-2023-5359	25 Sep 202401:15	–	nvd
OSV	CVE-2023-5359	25 Sep 202401:15	–	osv
Patchstack	WordPress W3 Total Cache Plugin <= 2.7.5 is vulnerable to Sensitive Data Exposure	24 Sep 202400:00	–	patchstack
Patchstack	WordPress W3 Total Cache plugin <= 2.7.5 - Sensitive Credentials Stored in Plaintext vulnerability	24 Sep 202401:13	–	patchstack
Positive Technologies	PT-2024-14790 · WordPress · W3 Total Cache	24 Sep 202400:00	–	ptsecurity

NVD

Vulners

Node

boldgrid w3_total_cacheRange<2.7.6wordpress

[
  {
    "vendor": "boldgrid",
    "product": "W3 Total Cache",
    "versions": [
      {
        "version": "0",
        "status": "affected",
        "lessThanOrEqual": "2.7.5",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
plugins	www.plugins.trac.wordpress.org/browser/w3-total-cache/trunk/PageSpeed_Api.php
plugins	www.plugins.trac.wordpress.org/changeset/3156426/w3-total-cache/tags/2.7.6/PageSpeed_Api.php
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/2d89a534-978e-4fd8-be3a-5137bdc22dc9

Parameter	Position	Path	Description	CWE
client_id	path	wp-content/plugins/w3-total-cache/Extension_CloudFlare_Plugin.php	Publicly accessible file potentially containing plaintext credentials for CloudFlare and other services.	CWE-312, CWE-200
client_secret	path	wp-content/plugins/w3-total-cache/Extension_CloudFlare_Plugin.php	Publicly accessible file potentially containing plaintext credentials for CloudFlare and other services.	CWE-312, CWE-200
api_key	path	wp-content/plugins/w3-total-cache/Extension_CloudFlare_Plugin.php	Publicly accessible file potentially containing plaintext credentials for CloudFlare and other services.	CWE-312, CWE-200
password	path	wp-content/plugins/w3-total-cache/Extension_CloudFlare_Plugin.php	Publicly accessible file potentially containing plaintext credentials for CloudFlare and other services.	CWE-312, CWE-200
client_id	path	wp-content/plugins/w3-total-cache/Generic_Plugin_Admin.php	Generic admin plugin file that may store credentials in plaintext and be accessible via HTTP.	CWE-312, CWE-200
client_secret	path	wp-content/plugins/w3-total-cache/Generic_Plugin_Admin.php	Generic admin plugin file that may store credentials in plaintext and be accessible via HTTP.	CWE-312, CWE-200
api_key	path	wp-content/plugins/w3-total-cache/Generic_Plugin_Admin.php	Generic admin plugin file that may store credentials in plaintext and be accessible via HTTP.	CWE-312, CWE-200
password	path	wp-content/plugins/w3-total-cache/Generic_Plugin_Admin.php	Generic admin plugin file that may store credentials in plaintext and be accessible via HTTP.	CWE-312, CWE-200
client_id	path	wp-content/plugins/w3-total-cache/Extension_FeedBurner_Plugin.php	FeedBurner extension file that may expose credentials in plaintext when publicly accessible.	CWE-312, CWE-200
client_secret	path	wp-content/plugins/w3-total-cache/Extension_FeedBurner_Plugin.php	FeedBurner extension file that may expose credentials in plaintext when publicly accessible.	CWE-312, CWE-200

08 Apr 2026 16:44Current

5.8Medium risk

Vulners AI Score5.8

CVSS 3.13.7 - 7.5

EPSS0.02439

SSVC