CVE-2024-12365 W3 Total Cache <= 2.8.1 - Authenticated (Subscriber+) Missing Authorization to Server-Side Request Forgery

The W3 Total Cache plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the isw3tcadminpage function in all versions up to, and including, 2.8.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to obtain...

CVE-2024-12006 W3 Total Cache <= 2.8.1 Missing Authorization to Unauthenticated Plugin Deactivation and Extensions Activation/Deactivation

The W3 Total Cache plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 2.8.1. This makes it possible for unauthenticated attackers to deactivate the plugin as well as activate and...

CVE-2024-12365 W3 Total Cache <= 2.8.1 - Authenticated (Subscriber+) Missing Authorization to Server-Side Request Forgery

The W3 Total Cache plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the isw3tcadminpage function in all versions up to, and including, 2.8.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to obtain...

CVE-2024-12006 W3 Total Cache <= 2.8.1 Missing Authorization to Unauthenticated Plugin Deactivation and Extensions Activation/Deactivation

The W3 Total Cache plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 2.8.1. This makes it possible for unauthenticated attackers to deactivate the plugin as well as activate and...

WordPress plugin W3 Total Cache 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress plugin W3 Total Cache 信息泄露漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An information disclosure...

WordPress plugin W3 Total Cache 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2025-1728

Name of the Vulnerable Software and Affected Versions W3 Total Cache plugin for WordPress versions 2.8.1 and earlier Description The issue allows unauthenticated attackers to view potentially sensitive information in the exposed log file, which may contain nonce values that can be used in further...

PT-2025-1824 · WordPress · W3 Total Cache

Name of the Vulnerable Software and Affected Versions: W3 Total Cache plugin for WordPress versions up to, and including, 2.8.1 Description: The W3 Total Cache plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the is w3tc admin page function...

WordPress W3 Total Cache plugin <= 2.8.1 Information Exposure via Log Files vulnerability

WordPress W3 Total Cache plugin = 2.8.1 Information Exposure via Log Files vulnerability discovered by villu164 in WordPress Plugin W3 Total Cache versions = 2.8.1...

WordPress W3 Total Cache plugin <= 2.8.1 Missing Authorization to Unauthenticated Plugin Deactivation and Extensions Activation/Deactivation vulnerability

WordPress W3 Total Cache plugin = 2.8.1 Missing Authorization to Unauthenticated Plugin Deactivation and Extensions Activation/Deactivation vulnerability discovered by villu164 in WordPress Plugin W3 Total Cache versions = 2.8.1...

WordPress W3 Total Cache plugin <= 2.8.1 - Authenticated (Subscriber+) Missing Authorization to Server-Side Request Forgery vulnerability

Authenticated Subscriber+ Missing Authorization to Server-Side Request Forgery vulnerability discovered by villu164 in WordPress Plugin W3 Total Cache versions = 2.8.1...

WordPress plugin W3 Total Cache 信息泄露漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An information disclosure...

CVE-2023-5359 W3 Total Cache <= 2.7.5 - Sensitive Credentials Stored in Plaintext

The W3 Total Cache plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.7.5 via Google OAuth API secrets stored in plaintext in the publicly visible plugin source. This can allow unauthenticated attackers to impersonate W3 Total Cache and gain...

CVE-2023-5359 W3 Total Cache <= 2.7.5 - Sensitive Credentials Stored in Plaintext

The W3 Total Cache plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.7.5 via Google OAuth API secrets stored in plaintext in the publicly visible plugin source. This can allow unauthenticated attackers to impersonate W3 Total Cache and gain...

CVE-2023-5359

CVE-2023-5359 affects the W3 Total Cache WordPress plugin (versions ≤ 2.7.5). The root cause is sensitive Google OAuth API secrets stored in plaintext in publicly accessible plugin files, enabling unauthenticated attackers to impersonate the plugin and access user account information. Connected e...

WordPress W3 Total Cache plugin <= 2.7.5 - Sensitive Credentials Stored in Plaintext vulnerability

Sensitive Credentials Stored in Plaintext vulnerability discovered by Ivan Kuzymchak in WordPress Plugin W3 Total Cache versions = 2.7.5...

PT-2024-14790 · WordPress · W3 Total Cache

Name of the Vulnerable Software and Affected Versions: W3 Total Cache plugin for WordPress versions up to, and including, 2.7.5 Description: The issue allows unauthenticated attackers to expose sensitive information, specifically Google OAuth API secrets stored in plaintext in the plugin source...

WordPress W3 Total Cache Plugin <= 2.7.5 is vulnerable to Sensitive Data Exposure

Software W3 Total Cache Type Plugin Vulnerable versions = 2.7.5 Fixed in 2.7.6 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2023-5359 Patch priority Low CVSS severity Low 3.7 Developer Claim ownership PSID 553a33ae4238 Credits Ivan Kuzymchak Required...

WordPress W3-Total-Cache 0.9.2.4 Username / Hash Extraction

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress W3-Total-Cache Plugin 0.9.2.4 or before Username and Hash Extract', 'Description' = "The W3-Total-Cache Wordpress Plugin MSFLICENSE,...