213 matches found
WordPress Cross-Site Scripting Vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. W3 Total Cache is a website caching plugin. A code injection vulnerability exists in WordPress Plugin...
WordPress W3 Total Cache plugin <= 2.1.3 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by renniepak in WordPress W3 Total Cache plugin versions <= 2.1.3. Solution: Update the WordPress W3 Total Cache plugin to the latest available version (at least 2.1.4)...
WordPress W3 Total Cache plugin <= 2.1.4 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by renniepak in WordPress W3 Total Cache plugin versions <= 2.1.4. Solution: Update the WordPress W3 Total Cache plugin to the latest available version (at least 2.1.5)...
W3 Total Cache < 2.1.4 - Reflected XSS in Extensions Page (Attribute Context)
The plugin was vulnerable to a reflected Cross-Site Scripting (XSS) vulnerability in the "extension" parameter of the Extensions dashboard, which is output in an attribute without being escaped first. This could allow an attacker, who can convince an authenticated admin into clicking a...
W3 Total Cache < 2.1.5 - Reflected XSS in Extensions Page (JS Context)
The plugin was affected by a reflected Cross-Site Scripting (XSS) issue in the "extension" parameter of the Extensions dashboard when the 'Anonymously track usage to improve product quality' setting is enabled, as the parameter is output in a JavaScript context without proper escaping. This...
W3 Total Cache < 2.1.3 - Authenticated Stored XSS
The plugin did not sanitise or escape some of its CDN settings, allowing high privilege users to use JavaScript in them, which will be output in the page, leading to an authenticated Stored Cross-Site Scripting issue. PoC: Vulnerable parameters: cnames= 1, cdncnames= 2, cdncnames= 3. CDN Type:...
WordPress W3 Total Cache plugin <= 2.1.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by m0ze in WordPress W3 Total Cache plugin versions <= 2.1.2. Solution: Update the WordPress W3 Total Cache plugin to the latest available version (at least 2.1.3)...
WordPress Plugin W3 Total Cache - Unauthenticated Arbitrary File Read (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress W3 Total Cache File Read Vulnerability', 'Description' = %q This module exploits an unauthenticated directory traversal vulnerability i...
WordPress W3 Total Cache 0.9.3 File Read / Directory Traversal
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress W3 Total Cache File Read Vulnerability', 'Description' = %q This module exploits an unauthenticated directory traversal vulnerability i...
W3 Total Cache Plugin for WordPress < 0.9.5 Server-Side Request Forgery
The WordPress W3 Total Cache Plugin installed on the remote host is affected by a server-side request forgery (SSRF) vulnerability due to improper sanitization of user-supplied input. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reporte...
CVE-2013-2010
WordPress W3 Total Cache Plugin 0.9.2.8 has a Remote PHP Code Execution Vulnerability...
CVE-2013-2010
CVE-2013-2010 affects WordPress W3 Total Cache Plugin up to version 0.9.2.8, enabling a remote PHP code execution via crafted input. The root cause is improper handling of macros (e.g., mfunc) in the plugin, allowing arbitrary PHP code execution on the server. Exploitation activity is evidenced b...
W3 Total Cache Plugin for WordPress < 0.9.4 Arbitrary File Read
The WordPress W3 Total Cache Plugin installed on the remote host is affected by an arbitrary file read vulnerability due to improper sanitization of user-supplied input. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version...
WordPress W3 Total Cache Information Disclosure Vulnerability
W3 Total Cache is a website caching plugin. An information disclosure vulnerability exists in WordPress W3 Total Cache. The vulnerability stems from a configuration or other error in the operation of a networked system or product. An attacker can exploit this vulnerability to obtain sensitive...
CVE-2012-6078
W3 Total Cache before 0.9.2.5 generates hash keys insecurely, which allows remote attackers to predict the values of the hashes...
CVE-2012-6079
W3 Total Cache before 0.9.2.5 exposes sensitive cached database information, which allows remote attackers to download this information via their hash keys...
CVE-2012-6077
W3 Total Cache before 0.9.2.5 allows remote attackers to retrieve password hash information due to insecure storage of database cache files...
Information disclosure
W3 Total Cache before 0.9.2.5 allows remote attackers to retrieve password hash information due to insecure storage of database cache files...