PT-2019-18281 · Frederick Townes · W3 Total Cache
Name of the Vulnerable Software and Affected Versions: W3 Total Cache plugin versions prior to 0.9.4 Description: The issue allows remote attackers to read arbitrary files via the SubscribeURL field in SubscriptionConfirmation JSON data. This is due to a lack of proper access control in the API,...