
213 matches found

Patchstack
added 2016/09/27 12:0 a.m. · 8 views

WordPress W3 Total Cache Plugin <= 0.9.4.1 - Arbitrary PHP Code Execution

This plugin is prone to an authenticated arbitrary PHP code execution vulnerability. Solution: Update the plugin...

AI score: 3.3
Exploits: 0 · References: 1 · Affected Software: 1
Patchstack
added 2016/09/26 12:0 a.m. · 7 views

WordPress W3 Total Cache Plugin <= 0.9.4.1 - Reflected Cross Site Scripting

Because of this vulnerability, attackers can inject arbitrary JavaScript or HTML code. Solution: Update the plugin...

AI score: 2.4
Exploits: 0 · References: 1 · Affected Software: 1
wpexploit
added 2016/09/26 12:0 a.m. · 18 views

W3 Total Cache <= 0.9.4.1 – Unauthenticated Security Token Bypass

The /pub/apc.php file is used to empty the OPCache/APC. The script seems protected by a nonce aka security token: $nonce = W3_Request::get_string('nonce'); $uri = $_SERVER['REQUEST_URI']; if (wp_hash($uri) == $nonce) But the flaw stays in the == operator which is not the one to use when you want to compare...

AI score: 7.2
Exploits: 0 · References: 1
WPVulnDB
added 2016/09/26 12:0 a.m. · 6 views

W3 Total Cache <= 0.9.4.1 – Authenticated Arbitrary File Download

When you're creating a support ticket in the plugin page, you can add one or more of your template themes. Then this file will be sent to the author to help him resolve the issue. Now you select one, you send the form and same as for the files before, you will send it to the author to help...

AI score: 0.1
Exploits: 0 · References: 1 · Affected Software: 1
WPVulnDB
added 2016/09/26 12:0 a.m. · 9 views

W3 Total Cache <= 0.9.4.1 – Authenticated Arbitrary File Upload

When you're creating a support ticket in the plugin page, you can add one or more of your files from your computer. Then this file will be sent to the author to help him resolve the issue. When we look at the code, W3TC is doing that: /* Attach other files */ if (!empty($_FILES['files'])) { $files =...

AI score: 0.8
Exploits: 0 · References: 1 · Affected Software: 1
WPVulnDB
added 2016/09/26 12:0 a.m. · 12 views

W3 Total Cache <= 0.9.4.1 – Authenticated Arbitrary PHP Code Execution

This one is so much easier to exploit using the import settings feature, this is what W3TC will do once your file is uploaded: /** Imports config content @param string $filename @return boolean */ function import($filename) { if (file_exists($filename) && is_readable($filename)) { $data = file_get_contents($filename); i...

AI score: 1
Exploits: 0 · References: 1 · Affected Software: 1
Packet Storm
added 2016/09/21 12:0 a.m. · 36 views

WordPress W3 Total Cache 0.9.4.1 Cross Site Scripting

Description: Cross-Site Scripting vulnerability was found on WordPress W3 Total Cache w3tc plugin. + Plugin Version tested: Support - Add new ticket + Variable: requestid + Method: GET + Affected URL:...

AI score: 7.4
Exploits: 0
wpexploit
added 2016/09/21 12:0 a.m. · 10 views

W3 Total Cache <= 0.9.4.1 - Authenticated Reflected Cross-Site Scripting (XSS)

The W3 Total Cache WordPress plugin was affected by an Authenticated Reflected Cross-Site Scripting (XSS) security vulnerability...

AI score: 0.8
Exploits: 0 · References: 4
WPVulnDB
added 2016/09/21 12:0 a.m. · 10 views

W3 Total Cache <= 0.9.4.1 - Authenticated Reflected Cross-Site Scripting (XSS)

The W3 Total Cache WordPress plugin was affected by an Authenticated Reflected Cross-Site Scripting (XSS) security vulnerability. PoC...

AI score: 0.1
Exploits: 0 · References: 4 · Affected Software: 1
Check Point Advisories
added 2015/11/26 12:0 a.m. · 9 views

WordPress W3 Total Cache and W3 Super Cache PHP Code Execution (CVE-2013-2010)

A remote code execution vulnerability has been reported in WordPress W3 Total and Super Cache Plugins. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary code on the affected system...

CVSS: 7.5 · AI score: 9.6 · EPSS: 0.73862
Exploits: 4
Check Point Advisories
added 2015/11/26 12:0 a.m. · 0 views

WordPress W3 Total Cache Security Credentials Hash Extract

A hash extract vulnerability has been reported in WordPress W3 Total Cache Plugin. Successful exploitation of this vulnerability would allow a remote attacker to obtain username and password hashes from affected WordPress servers...

AI score: 4.7
Exploits: 0
Patchstack
added 2015/05/15 12:0 a.m. · 4 views

WordPress W3 Total Cache Plugin <= 0.9.4 - Cross Site Request Forgery

This plugin is prone to an edge mode enabling cross-site request forgery vulnerability. Solution: Update the plugin...

AI score: 2.6
Exploits: 0 · References: 1 · Affected Software: 1
Packet Storm
added 2015/03/24 12:0 a.m. · 43 views

WordPress W3 Total Cache PHP Code Execution

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class Metasploit3 'WordPress W3 Total Cache PHP Code Execution', 'Description' = %q This module exploits a PHP Code Injection vulnerability against WordPress plugin W3...

EPSS: 0.73862
Exploits: 4
Metasploit
added 2015/03/23 7:15 a.m. · 32 views

WordPress W3 Total Cache PHP Code Execution

This module exploits a PHP Code Injection vulnerability against WordPress plugin W3 Total Cache for versions up to and including 0.9.2.8. WP Super Cache 1.2 or older is also reported as vulnerable. The vulnerability is due to the handling of certain macros such as mfunc, which allows arbitrary PH...

CVSS: 9.8 · AI score: 8.1 · EPSS: 0.73862
Exploits: 4
Tenable Nessus
added 2015/01/15 12:0 a.m. · 36 views

W3 Total Cache Plugin For WordPress Cache Key XSS

The version of the W3 Total Cache plugin for WordPress hosted on the remote web server fails to properly sanitize user-supplied input to the 'Cache key' in the HTML comments displayed when 'Page cache debug info' is enabled. An attacker can exploit this to execute arbitrary script code within the...

CVSS: 4.3 · AI score: 5.6 · EPSS: 0.02055
Exploits: 2 · References: 3
CNVD
added 2015/01/04 12:0 a.m. · 2 views

WordPress Plugin W3 Total Cache Cross-Site Request Forgery Vulnerability

WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language, which supports setting up personal blog sites on servers with PHP and MySQL. W3 Total Cache plugin is a rare and superb plugin that helps you do a lot of things to optimize your blog, such as...

CVSS: 6.8 · AI score: 6.7 · EPSS: 0.01357
Exploits: 1 · References: 1
NVD
added 2014/12/24 6:59 p.m. · 22 views

CVE-2014-9414

The W3 Total Cache plugin before 0.9.4.1 for WordPress does not properly handle empty nonces, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and hijack the authentication of administrators for requests that change the mobile site redirect URI via the...

CVSS: 6.8 · AI score: 7 · EPSS: 0.01357
Exploits: 1 · References: 8
Prion
added 2014/12/24 6:59 p.m. · 19 views

Cross site request forgery (csrf)

The W3 Total Cache plugin before 0.9.4.1 for WordPress does not properly handle empty nonces, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and hijack the authentication of administrators for requests that change the mobile site redirect URI via the...

CVSS: 6.8 · AI score: 7.5 · EPSS: 0.01357
Exploits: 1 · References: 8 · Affected Software: 1
CVE
added 2014/12/24 6:0 p.m. · 49 views

CVE-2014-9414

CVE-2014-9414 affects the WordPress W3 Total Cache plugin prior to 0.9.4.1. The issue stems from improper handling of empty nonces in the w3tc_mobile page, enabling CSRF attacks that can hijack administrator authentication for requests that change the mobile site redirect URI via mobile_groups[*]...

CVSS: 6.8 · AI score: 7.3 · EPSS: 0.01357
Exploits: 1 · References: 8 · Affected Software: 1
Positive Technologies
added 2014/12/24 12:0 a.m. · 3 views

PT-2014-8999 · Frederick Townes · W3 Total Cache

Name of the Vulnerable Software and Affected Versions: W3 Total Cache plugin versions prior to 0.9.4.1. Description: The issue allows remote attackers to conduct cross-site request forgery (CSRF) attacks. This is possible due to the improper handling of empty nonces, which can lead to the hijacking ...

CVSS: 6.8 · AI score: 6.8 · EPSS: 0.01357
Exploits: 1 · References: 10