210 matches found
CVE-2021-24427
The W3 Total Cache WordPress plugin before 2.1.3 did not sanitise or escape some of its CDN settings, allowing high privilege users to use JavaScript in them, which will be output in the page, leading to an authenticated Stored Cross-Site Scripting issue...
CVE-2021-24436
The W3 Total Cache WordPress plugin before 2.1.4 was vulnerable to a reflected Cross-Site Scripting XSS security vulnerability within the "extension" parameter in the Extensions dashboard, which is output in an attribute without being escaped first. This could allow an attacker, who can convince ...
CVE-2013-2010
WordPress W3 Total Cache Plugin 0.9.2.8 has a Remote PHP Code Execution Vulnerability...
WordPress W3 Total Cache 0.9.2.4 SQL Injection / Hash Disclosure
WordPress W3 Total Cache plugin version 0.9.2.4 remote exploit that leverages SQL injection to extract a user's name and password hash. ============================================================================================================================================= | Title : WordPress...
CVE-2024-12365
The W3 Total Cache plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the isw3tcadminpage function in all versions up to, and including, 2.8.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to obtain...
WordPress W3 Total Cache Plugin < 2.8.2 Missing Authorization Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:boldgrid:w3totalcache"; if description...
CVE-2024-12365
The W3 Total Cache plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the isw3tcadminpage function in all versions up to, and including, 2.8.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to obtain...
CVE-2024-12365
The W3 Total Cache plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the isw3tcadminpage function in all versions up to, and including, 2.8.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to obtain...
CVE-2024-12008
The W3 Total Cache plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.8.1 through the publicly exposed debug log file. This makes it possible for unauthenticated attackers to view potentially sensitive information in the exposed log file. For exampl...
CVE-2024-12006
The W3 Total Cache plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 2.8.1. This makes it possible for unauthenticated attackers to deactivate the plugin as well as activate and...
CVE-2024-12008
The W3 Total Cache plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.8.1 through the publicly exposed debug log file. This makes it possible for unauthenticated attackers to view potentially sensitive information in the exposed log file. For exampl...
CVE-2024-12006
The W3 Total Cache plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 2.8.1. This makes it possible for unauthenticated attackers to deactivate the plugin as well as activate and...
CVE-2024-12008 W3 Total Cache <= 2.8.1 Information Exposure via Log Files
The W3 Total Cache plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.8.1 through the publicly exposed debug log file. This makes it possible for unauthenticated attackers to view potentially sensitive information in the exposed log file. For exampl...
CVE-2024-12008 W3 Total Cache <= 2.8.1 Information Exposure via Log Files
The W3 Total Cache plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.8.1 through the publicly exposed debug log file. This makes it possible for unauthenticated attackers to view potentially sensitive information in the exposed log file. For exampl...
CVE-2024-12008
CVE-2024-12008 (W3 Total Cache for WordPress) is described in connected Red Hat documentation as a vulnerability to Information Exposure in all versions up to and including 2.8.1, exposed via the publicly accessible debug log file. The issue allows unauthenticated attackers to view potentially se...
CVE-2024-12006 W3 Total Cache <= 2.8.1 Missing Authorization to Unauthenticated Plugin Deactivation and Extensions Activation/Deactivation
The W3 Total Cache plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 2.8.1. This makes it possible for unauthenticated attackers to deactivate the plugin as well as activate and...
CVE-2024-12006 W3 Total Cache <= 2.8.1 Missing Authorization to Unauthenticated Plugin Deactivation and Extensions Activation/Deactivation
The W3 Total Cache plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 2.8.1. This makes it possible for unauthenticated attackers to deactivate the plugin as well as activate and...
CVE-2024-12365 W3 Total Cache <= 2.8.1 - Authenticated (Subscriber+) Missing Authorization to Server-Side Request Forgery
The W3 Total Cache plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the isw3tcadminpage function in all versions up to, and including, 2.8.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to obtain...
CVE-2024-12006
CVE-2024-12006 concerns the W3 Total Cache WordPress plugin. The Red Hat advisory confirms the root cause: a missing capability check in multiple functions, affecting all versions up to and including 2.8.1. This flaw allows unauthenticated users to modify data by deactivating the plugin and by ac...
CVE-2024-12365 W3 Total Cache <= 2.8.1 - Authenticated (Subscriber+) Missing Authorization to Server-Side Request Forgery
The W3 Total Cache plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the isw3tcadminpage function in all versions up to, and including, 2.8.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to obtain...