W3 Total Cache

Information

Software Type Plugin
Software Slug w3-total-cache (view on wordpress.org)
Software Status Active
Software Author boldgrid
Software Website www.boldgrid.com
Software Downloads 53,687,836
Software Active Installs 1,000,000
Software Record Last Updated January 16, 2025

Showing 1-20 of 26 Vulnerabilities

5.4
CVE ID Unknown
May 22, 2019
Researchers:
8.8
CVE ID Unknown
Sep 26, 2016
Researcher: SecuPress
Title Status CVE ID CVSS Researchers Date
W3 Total Cache <= 2.8.1 - Authenticated (Subscriber+) Missing Authorization to Server-Side Request Forgery Patched CVE-2024-12365 8.5 villu164 January 13, 2025
W3 Total Cache <= 2.8.1 Missing Authorization to Unauthenticated Plugin Deactivation and Extensions Activation/Deactivation Patched CVE-2024-12006 5.3 villu164 January 13, 2025
W3 Total Cache <= 2.8.1 Information Exposure via Log Files Patched CVE-2024-12008 5.3 villu164 January 13, 2025
W3 Total Cache <= 2.7.5 - Sensitive Credentials Stored in Plaintext Patched CVE-2023-5359 3.7 Ivan Kuzymchak September 23, 2024
Guzzle <= 6.5.7 and 7.0-7.4.4 - Information Exposure Patched CVE-2022-31090 7.7 June 20, 2022
W3 Total Cache <= 2.1.3 - Reflected Cross-Site Scripting via extension Patched CVE-2021-24436 6.1 renniepak June 28, 2021
W3 Total Cache <= 2.1.4 - Reflected Cross-Site Scripting via extension Patched CVE-2021-24452 7.2 June 28, 2021
W3 Total Cache <= 2.1.2 Authenticated (Admin+) Stored Cross-Site Scripting Patched CVE-2021-24427 4.8 RE-ALTER June 16, 2021
W3 Total Cache 0.9.2.6-0.9.3 - File Read / Directory Traversal Patched CVE-2019-6715 7.5 December 22, 2020
W3 Total Cache <= 0.9.2.4 - Sensitive Information Exposure Patched CVE-2012-6079 7.5 September 22, 2020
W3 Total Cache <= 0.9.2.4 - Insecure Cryptography to Sensitive Information Disclosure Patched CVE-2012-6078 7.5 September 22, 2020
W3 Total Cache <= 0.9.2.4 - Password Hash Extraction Patched CVE-2012-6077 7.5 September 22, 2020
W3 Total Cache <= 0.9.7.3 - Server Side Request Forgery Patched 5.4 May 22, 2019
W3 Total Cache <= 0.9.7.3 - Improper Input Validation via openssl_verify Patched 4.3 May 7, 2019
W3 Total Cache plugin <= 0.9.7.3 - Reflected Cross-Site Scripting Patched 6.1 Thomas Chauchefoin May 7, 2019
W3 Total Cache <= 0.9.4.1 - Weak validation of Amazon SNS push messages Patched 7.2 November 10, 2016
W3 Total Cache <= 0.9.4 - Server-Side Request Forgery leading to Host Information Disclosure Patched 8.6 Jouko Pynnöne October 31, 2016
W3 Total Cache <= 0.9.4.1 - Arbitrary File Upload Patched 8.8 SecuPress September 26, 2016
W3 Total Cache <= 0.9.4.1 - Authenticated Arbitrary File Download Patched 4.9 SecuPress September 26, 2016
W3 Total Cache <= 0.9.4.1 - Arbitrary Code Execution via settings import Patched 7.2 SecuPress September 26, 2016

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation