14 matches found
CVE-2012-6077
The CVE-2012-6077 issue affects the WordPress W3 Total Cache plugin (versions before 0.9.2.5). The root cause is insecure storage of database cache files, enabling remote attackers to retrieve password hash information. Documents indicate exposure of usernames and password hashes via the plugin’s...
CVE-2013-2010
CVE-2013-2010 affects WordPress W3 Total Cache Plugin up to version 0.9.2.8, enabling a remote PHP code execution via crafted input. The root cause is improper handling of macros (e.g., mfunc) in the plugin, allowing arbitrary PHP code execution on the server. Exploitation activity is evidenced b...
CVE-2024-12365
CVE-2024-12365 affects the W3 Total Cache WordPress plugin (versions up to and including 2.8.1). The vulnerability arises from a missing capability check in is_w3tc_admin_page, enabling authenticated attackers with Subscriber-level access or higher to obtain the plugin nonce, perform unauthorized...
CVE-2012-6079
CVE-2012-6079 affects the WordPress plugin W3 Total Cache prior to version 0.9.2.5. The described issue allows an attacker to retrieve sensitive cached database information by guessing or accessing hash keys, effectively disclosing data from the cache layer remotely. This vulnerability is documen...
CVE-2023-5359
CVE-2023-5359 affects the W3 Total Cache WordPress plugin (versions ≤ 2.7.5). The root cause is sensitive Google OAuth API secrets stored in plaintext in publicly accessible plugin files, enabling unauthenticated attackers to impersonate the plugin and access user account information. Connected e...
CVE-2019-6715
The CVE concerns WordPress W3 Total Cache plugin versions before 0.9.4, where an unauthenticated attacker can read arbitrary files via the SubscribeURL field in SubscriptionConfirmation JSON data, targeting the pub/sns.php endpoint. Technical details from connected documents specify an unauthenti...
CVE-2012-6078
W3 Total Cache (WordPress plugin) before version 0.9.2.5 generates hash keys insecurely, enabling remote attackers to predict hash values. Affected: W3 Total Cache plugin (WordPress). Root cause: insecure hash key generation. Impact: information exposure via predictable hashes. Remediation: upgra...
CVE-2024-12006
CVE-2024-12006 concerns the W3 Total Cache WordPress plugin. The Red Hat advisory confirms the root cause: a missing capability check in multiple functions, affecting all versions up to and including 2.8.1. This flaw allows unauthenticated users to modify data by deactivating the plugin and by ac...
CVE-2021-24427
The CVE-2021-24427 entry concerns the WordPress W3 Total Cache plugin prior to 2.1.3. The vulnerability arises because the plugin did not sanitise or escape certain CDN settings, allowing high-privilege users to inject JavaScript that is output in pages, leading to an authenticated Stored XSS. Af...
CVE-2021-24436
The CVE-2021-24436 entry concerns the WordPress W3 Total Cache plugin prior to version 2.1.4. A reflected XSS vulnerability exists in the extension parameter of the Extensions dashboard, where the value is output inside an attribute without proper escaping. This can allow an attacker to persuade ...
CVE-2021-24452
The CVE-2021-24452 entry concerns the WordPress plugin W3 Total Cache prior to version 2.1.5. The vulnerability is a reflected XSS in the Extension parameter on the Extensions dashboard, triggered when the setting “Anonymously track usage to improve product quality” is enabled; the parameter is o...
CVE-2014-8724
CVE-2014-8724 affects the WordPress plugin W3 Total Cache up to version before 0.9.4.1 . The root cause is improper sanitization of user-supplied input in the HTML comments for the Cache key when the page cache debug info is enabled, allowing a reflected XSS scenario via PATH_INFO to the default ...
CVE-2024-12008
CVE-2024-12008 (W3 Total Cache for WordPress) is described in connected Red Hat documentation as a vulnerability to Information Exposure in all versions up to and including 2.8.1, exposed via the publicly accessible debug log file. The issue allows unauthenticated attackers to view potentially se...
CVE-2014-9414
CVE-2014-9414 affects the WordPress W3 Total Cache plugin prior to 0.9.4.1. The issue stems from improper handling of empty nonces in the w3tc_mobile page, enabling CSRF attacks that can hijack administrator authentication for requests that change the mobile site redirect URI via mobile_groups[*]...