W3 Total Cache

Information

Software Type Plugin
Software Slug w3-total-cache (view on wordpress.org)
Software Status Active
Software Author boldgrid
Software Website www.boldgrid.com
Software Downloads 51,273,276
Software Active Installs 1,000,000
Software Record Last Updated October 15, 2024

Showing 1-20 of 23 Vulnerabilities

5.4
CVE ID Unknown
May 22, 2019
Researchers:
8.8
CVE ID Unknown
Sep 26, 2016
Researcher: SecuPress
Title Status CVE ID CVSS Researchers Date
W3 Total Cache <= 2.7.5 - Sensitive Credentials Stored in Plaintext Patched CVE-2023-5359 3.7 Ivan Kuzymchak September 23, 2024
Guzzle <= 6.5.7 and 7.0-7.4.4 - Information Exposure Patched CVE-2022-31090 7.7 June 20, 2022
W3 Total Cache <= 2.1.4 - Reflected Cross-Site Scripting via extension Patched CVE-2021-24452 7.2 June 28, 2021
W3 Total Cache <= 2.1.3 - Reflected Cross-Site Scripting via extension Patched CVE-2021-24436 6.1 renniepak June 28, 2021
W3 Total Cache <= 2.1.2 Authenticated (Admin+) Stored Cross-Site Scripting Patched CVE-2021-24427 4.8 RE-ALTER June 16, 2021
W3 Total Cache 0.9.2.6-0.9.3 - File Read / Directory Traversal Patched CVE-2019-6715 7.5 December 22, 2020
W3 Total Cache <= 0.9.2.4 - Sensitive Information Exposure Patched CVE-2012-6079 7.5 September 22, 2020
W3 Total Cache <= 0.9.2.4 - Password Hash Extraction Patched CVE-2012-6077 7.5 September 22, 2020
W3 Total Cache <= 0.9.2.4 - Insecure Cryptography to Sensitive Information Disclosure Patched CVE-2012-6078 7.5 September 22, 2020
W3 Total Cache <= 0.9.7.3 - Server Side Request Forgery Patched 5.4 May 22, 2019
W3 Total Cache <= 0.9.7.3 - Improper Input Validation via openssl_verify Patched 4.3 May 7, 2019
W3 Total Cache plugin <= 0.9.7.3 - Reflected Cross-Site Scripting Patched 6.1 Thomas Chauchefoin May 7, 2019
W3 Total Cache <= 0.9.4.1 - Weak validation of Amazon SNS push messages Patched 7.2 November 10, 2016
W3 Total Cache <= 0.9.4 - Server-Side Request Forgery leading to Host Information Disclosure Patched 8.6 Jouko Pynnöne October 31, 2016
W3 Total Cache <= 0.9.4.1 - Security Token Bypass via Type Juggling Patched 3.7 SecuPress September 26, 2016
W3 Total Cache <= 0.9.4.1 - Arbitrary File Upload Patched 8.8 SecuPress September 26, 2016
W3 Total Cache <= 0.9.4.1 - Authenticated Arbitrary File Download Patched 4.9 SecuPress September 26, 2016
W3 Total Cache <= 0.9.4.1 - Arbitrary Code Execution via settings import Patched 7.2 SecuPress September 26, 2016
W3 Total Cache <= 0.9.4.1 - Cross-Site Scripting via request_id Patched 6.1 Sipke Mellema July 29, 2016
W3 Total Cache <= 0.9.4 - Cross-Site Scripting Patched CVE-2014-8724 5.4 Tobias Glemser December 16, 2014

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation