Lucene search
K
BoldgridW3 Total Cache

14 matches found

CVE
CVE
added 2019/11/22 6:44 p.m.258 views

CVE-2012-6077

The CVE-2012-6077 issue affects the WordPress W3 Total Cache plugin (versions before 0.9.2.5). The root cause is insecure storage of database cache files, enabling remote attackers to retrieve password hash information. Documents indicate exposure of usernames and password hashes via the plugin’s...

7.5CVSS7.5AI score0.05378EPSS
CVE
CVE
added 2020/02/12 2:45 p.m.183 views

CVE-2013-2010

CVE-2013-2010 affects WordPress W3 Total Cache Plugin up to version 0.9.2.8, enabling a remote PHP code execution via crafted input. The root cause is improper handling of macros (e.g., mfunc) in the plugin, allowing arbitrary PHP code execution on the server. Exploitation activity is evidenced b...

9.8CVSS9.6AI score0.73862EPSS
CVE
CVE
added 2025/01/14 7:5 a.m.182 views

CVE-2024-12365

CVE-2024-12365 affects the W3 Total Cache WordPress plugin (versions up to and including 2.8.1). The vulnerability arises from a missing capability check in is_w3tc_admin_page, enabling authenticated attackers with Subscriber-level access or higher to obtain the plugin nonce, perform unauthorized...

8.5CVSS8.1AI score0.01736EPSS
CVE
CVE
added 2019/11/22 6:55 p.m.177 views

CVE-2012-6079

CVE-2012-6079 affects the WordPress plugin W3 Total Cache prior to version 0.9.2.5. The described issue allows an attacker to retrieve sensitive cached database information by guessing or accessing hash keys, effectively disclosing data from the cache layer remotely. This vulnerability is documen...

7.5CVSS7.4AI score0.02134EPSS
CVE
CVE
added 2024/09/24 7:30 a.m.177 views

CVE-2023-5359

CVE-2023-5359 affects the W3 Total Cache WordPress plugin (versions ≤ 2.7.5). The root cause is sensitive Google OAuth API secrets stored in plaintext in publicly accessible plugin files, enabling unauthenticated attackers to impersonate the plugin and access user account information. Connected e...

7.5CVSS5.8AI score0.00813EPSS
Web
CVE
CVE
added 2019/04/01 7:5 p.m.156 views

CVE-2019-6715

The CVE concerns WordPress W3 Total Cache plugin versions before 0.9.4, where an unauthenticated attacker can read arbitrary files via the SubscribeURL field in SubscriptionConfirmation JSON data, targeting the pub/sns.php endpoint. Technical details from connected documents specify an unauthenti...

7.5CVSS7.4AI score0.19396EPSS
Web
CVE
CVE
added 2019/11/22 6:50 p.m.130 views

CVE-2012-6078

W3 Total Cache (WordPress plugin) before version 0.9.2.5 generates hash keys insecurely, enabling remote attackers to predict hash values. Affected: W3 Total Cache plugin (WordPress). Root cause: insecure hash key generation. Impact: information exposure via predictable hashes. Remediation: upgra...

7.5CVSS7.5AI score0.02318EPSS
CVE
CVE
added 2025/01/14 7:5 a.m.130 views

CVE-2024-12006

CVE-2024-12006 concerns the W3 Total Cache WordPress plugin. The Red Hat advisory confirms the root cause: a missing capability check in multiple functions, affecting all versions up to and including 2.8.1. This flaw allows unauthenticated users to modify data by deactivating the plugin and by ac...

5.3CVSS5.2AI score0.00487EPSS
CVE
CVE
added 2021/07/12 7:20 p.m.122 views

CVE-2021-24427

The CVE-2021-24427 entry concerns the WordPress W3 Total Cache plugin prior to 2.1.3. The vulnerability arises because the plugin did not sanitise or escape certain CDN settings, allowing high-privilege users to inject JavaScript that is output in pages, leading to an authenticated Stored XSS. Af...

4.8CVSS4.7AI score0.00622EPSS
Web
CVE
CVE
added 2021/07/19 10:53 a.m.97 views

CVE-2021-24436

The CVE-2021-24436 entry concerns the WordPress W3 Total Cache plugin prior to version 2.1.4. A reflected XSS vulnerability exists in the extension parameter of the Extensions dashboard, where the value is output inside an attribute without proper escaping. This can allow an attacker to persuade ...

6.1CVSS5.9AI score0.01905EPSS
Web
CVE
CVE
added 2021/07/19 10:53 a.m.90 views

CVE-2021-24452

The CVE-2021-24452 entry concerns the WordPress plugin W3 Total Cache prior to version 2.1.5. The vulnerability is a reflected XSS in the Extension parameter on the Extensions dashboard, triggered when the setting “Anonymously track usage to improve product quality” is enabled; the parameter is o...

6.1CVSS5.8AI score0.01996EPSS
Web
CVE
CVE
added 2014/12/19 3:0 p.m.69 views

CVE-2014-8724

CVE-2014-8724 affects the WordPress plugin W3 Total Cache up to version before 0.9.4.1 . The root cause is improper sanitization of user-supplied input in the HTML comments for the Cache key when the page cache debug info is enabled, allowing a reflected XSS scenario via PATH_INFO to the default ...

4.3CVSS5.7AI score0.02055EPSS
Web
CVE
CVE
added 2025/01/14 7:5 a.m.65 views

CVE-2024-12008

CVE-2024-12008 (W3 Total Cache for WordPress) is described in connected Red Hat documentation as a vulnerability to Information Exposure in all versions up to and including 2.8.1, exposed via the publicly accessible debug log file. The issue allows unauthenticated attackers to view potentially se...

7.5CVSS5AI score0.02169EPSS
CVE
CVE
added 2014/12/24 6:0 p.m.51 views

CVE-2014-9414

CVE-2014-9414 affects the WordPress W3 Total Cache plugin prior to 0.9.4.1. The issue stems from improper handling of empty nonces in the w3tc_mobile page, enabling CSRF attacks that can hijack administrator authentication for requests that change the mobile site redirect URI via mobile_groups[*]...

6.8CVSS7.3AI score0.01357EPSS
Web