4 matches found
CVE-2025-9501
The W3 Total Cache WordPress plugin before 2.8.13 is vulnerable to command injection via the parsedynamicmfunc function, allowing unauthenticated users to execute PHP commands by submitting a comment with a malicious payload to a post...
CVE-2025-9501 W3 Total Cache < 2.8.13 - Unauthenticated Command Injection
The W3 Total Cache WordPress plugin before 2.8.13 is vulnerable to command injection via the parsedynamicmfunc function, allowing unauthenticated users to execute PHP commands by submitting a comment with a malicious payload to a post...
CVE-2025-9501
CVE-2025-9501 - W3 Total Cache (WordPress) : The vulnerability affects the WordPress W3 Total Cache plugin up to version 2.8.13. The root cause is a command injection in the _parse_dynamic_mfunc function that allows unauthenticated users to submit a malicious payload in a post comment to execute ...
PT-2025-47123
Name of the Vulnerable Software and Affected Versions W3 Total Cache versions prior to 2.8.13 Description The W3 Total Cache WordPress plugin is affected by a command injection issue through the parse dynamic mfunc function. This allows unauthenticated users to execute arbitrary PHP commands by...