2 matches found
WordPress W3 Total Cache Plugin Arbitrary File Read (CVE-2019-6715)
An Arbitrary File Read vulnerability exists in WordPress W3 Total Cache plugin. Successful exploitation of this vulnerability would allow remote attackers to execute arbitrary web script into the effected system...
CVE-2019-6715
The CVE concerns WordPress W3 Total Cache plugin versions before 0.9.4, where an unauthenticated attacker can read arbitrary files via the SubscribeURL field in SubscriptionConfirmation JSON data, targeting the pub/sns.php endpoint. Technical details from connected documents specify an unauthenti...