W3 Total Cache

Wordfence Intelligence   >   Vulnerability Database   >   WordPress Plugins   >   W3 Total Cache

Information

Software Type Plugin
Software Slug w3-total-cache (view on wordpress.org)
Software Status Active
Software Author boldgrid
Software Website www.boldgrid.com
Software Downloads 48,262,155
Software Active Installs 1,000,000
Software Record Last Updated May 17, 2024

Showing 1-20 of 22 Vulnerabilities

Guzzle <= 6.5.7 and 7.0-7.4.4 - Information Exposure
7.7
CVE-2022-31090
Jun 20, 2022
Researchers:
W3 Total Cache <= 2.1.4 - Reflected Cross-Site Scripting via extension
7.2
CVE-2021-24452
Jun 28, 2021
Researchers:
W3 Total Cache <= 2.1.3 - Reflected Cross-Site Scripting via extension
6.1
CVE-2021-24436
Jun 28, 2021
Researcher: renniepak
W3 Total Cache <= 2.1.2 Authenticated (Admin+) Stored Cross-Site Scripting
4.8
CVE-2021-24427
Jun 16, 2021
Researcher: Vladislav Pokrovsky (ΞX.MI)
W3 Total Cache 0.9.2.6-0.9.3 - File Read / Directory Traversal
7.5
CVE-2019-6715
Dec 22, 2020
Researchers:
W3 Total Cache <= 0.9.2.4 - Password Hash Extraction
7.5
CVE-2012-6077
Sep 22, 2020
Researchers:
W3 Total Cache <= 0.9.2.4 - Insecure Cryptography to Sensitive Information Disclosure
7.5
CVE-2012-6078
Sep 22, 2020
Researchers:
W3 Total Cache <= 0.9.2.4 - Sensitive Information Exposure
7.5
CVE-2012-6079
Sep 22, 2020
Researchers:
W3 Total Cache <= 0.9.7.3 - Server Side Request Forgery
5.4
CVE ID Unknown
May 22, 2019
Researchers:
W3 Total Cache plugin <= 0.9.7.3 - Reflected Cross-Site Scripting
6.1
CVE ID Unknown
May 7, 2019
Researcher: Thomas Chauchefoin
W3 Total Cache <= 0.9.7.3 - Improper Input Validation via openssl_verify
4.3
CVE ID Unknown
May 7, 2019
Researchers:
W3 Total Cache <= 0.9.4.1 - Weak validation of Amazon SNS push messages
7.2
CVE ID Unknown
Nov 10, 2016
Researchers:
W3 Total Cache <= 0.9.4 - Server-Side Request Forgery leading to Host Information Disclosure
8.6
CVE ID Unknown
Oct 31, 2016
Researcher: Jouko Pynnöne
W3 Total Cache <= 0.9.4.1 - Authenticated Arbitrary File Download
4.9
CVE ID Unknown
Sep 26, 2016
Researcher: SecuPress
W3 Total Cache <= 0.9.4.1 - Arbitrary File Upload
8.8
CVE ID Unknown
Sep 26, 2016
Researcher: SecuPress
W3 Total Cache <= 0.9.4.1 - Security Token Bypass via Type Juggling
3.7
CVE ID Unknown
Sep 26, 2016
Researcher: SecuPress
W3 Total Cache <= 0.9.4.1 - Arbitrary Code Execution via settings import
7.2
CVE ID Unknown
Sep 26, 2016
Researcher: SecuPress
W3 Total Cache <= 0.9.4.1 - Cross-Site Scripting via request_id
6.1
CVE ID Unknown
Jul 29, 2016
Researcher: Sipke Mellema
W3 Total Cache <= 0.9.4 - Cross-Site Scripting
5.4
CVE-2014-8724
Dec 16, 2014
Researcher: Tobias Glemser
W3 Total Cache <= 0.9.4 - Cross-Site Request Forgery
4.3
CVE-2014-9414
Dec 10, 2014
Researcher: Mazin Ahmed
Title Status CVE ID CVSS Researchers Date
Guzzle <= 6.5.7 and 7.0-7.4.4 - Information Exposure Patched CVE-2022-31090 7.7 June 20, 2022
W3 Total Cache <= 2.1.4 - Reflected Cross-Site Scripting via extension Patched CVE-2021-24452 7.2 June 28, 2021
W3 Total Cache <= 2.1.3 - Reflected Cross-Site Scripting via extension Patched CVE-2021-24436 6.1 renniepak June 28, 2021
W3 Total Cache <= 2.1.2 Authenticated (Admin+) Stored Cross-Site Scripting Patched CVE-2021-24427 4.8 Vladislav Pokrovsky (ΞX.MI) June 16, 2021
W3 Total Cache 0.9.2.6-0.9.3 - File Read / Directory Traversal Patched CVE-2019-6715 7.5 December 22, 2020
W3 Total Cache <= 0.9.2.4 - Password Hash Extraction Patched CVE-2012-6077 7.5 September 22, 2020
W3 Total Cache <= 0.9.2.4 - Insecure Cryptography to Sensitive Information Disclosure Patched CVE-2012-6078 7.5 September 22, 2020
W3 Total Cache <= 0.9.2.4 - Sensitive Information Exposure Patched CVE-2012-6079 7.5 September 22, 2020
W3 Total Cache <= 0.9.7.3 - Server Side Request Forgery Patched 5.4 May 22, 2019
W3 Total Cache plugin <= 0.9.7.3 - Reflected Cross-Site Scripting Patched 6.1 Thomas Chauchefoin May 7, 2019
W3 Total Cache <= 0.9.7.3 - Improper Input Validation via openssl_verify Patched 4.3 May 7, 2019
W3 Total Cache <= 0.9.4.1 - Weak validation of Amazon SNS push messages Patched 7.2 November 10, 2016
W3 Total Cache <= 0.9.4 - Server-Side Request Forgery leading to Host Information Disclosure Patched 8.6 Jouko Pynnöne October 31, 2016
W3 Total Cache <= 0.9.4.1 - Authenticated Arbitrary File Download Patched 4.9 SecuPress September 26, 2016
W3 Total Cache <= 0.9.4.1 - Arbitrary File Upload Patched 8.8 SecuPress September 26, 2016
W3 Total Cache <= 0.9.4.1 - Security Token Bypass via Type Juggling Patched 3.7 SecuPress September 26, 2016
W3 Total Cache <= 0.9.4.1 - Arbitrary Code Execution via settings import Patched 7.2 SecuPress September 26, 2016
W3 Total Cache <= 0.9.4.1 - Cross-Site Scripting via request_id Patched 6.1 Sipke Mellema July 29, 2016
W3 Total Cache <= 0.9.4 - Cross-Site Scripting Patched CVE-2014-8724 5.4 Tobias Glemser December 16, 2014
W3 Total Cache <= 0.9.4 - Cross-Site Request Forgery Patched CVE-2014-9414 4.3 Mazin Ahmed December 10, 2014

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation