Skip to main content

W3 Total Cache CVE-2014-8724

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2014-12-19 cve@mitre.org
4.3
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:M/Au:N/C:N/I:P/A:N
Attack Vector
Network
Attack Complexity
M
Confidentiality
None
Integrity
P
Availability
None

Lifecycle Timeline

1
CVE Published
Dec 19, 2014 - 15:59 cve.org
MEDIUM 4.3

DescriptionCVE.org

Cross-site scripting (XSS) vulnerability in the W3 Total Cache plugin before 0.9.4.1 for WordPress, when debug mode is enabled, allows remote attackers to inject arbitrary web script or HTML via the "Cache key" in the HTML-Comments, as demonstrated by the PATH_INFO to the default URI.

AnalysisAI

Cross-site scripting (XSS) vulnerability in the W3 Total Cache plugin before 0.9.4.1 for WordPress, when debug mode is enabled, allows remote attackers to inject arbitrary web script or HTML via the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Cross-site scripting (XSS) vulnerability in the W3 Total Cache plugin before 0.9.4.1 for WordPress, when debug mode is enabled, allows remote attackers to inject arbitrary web script or HTML via the "Cache key" in the HTML-Comments, as demonstrated by the PATH_INFO to the default URI. Affected products include: Boldgrid W3 Total Cache. Version information: before 0.9.4.1.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2024-12008 MEDIUM POC
5.3 Jan 14

The W3 Total Cache plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.8.

CVE-2019-6715 HIGH POC
7.5 Apr 01

pub/sns.php in the W3 Total Cache plugin before 0.9.4 for WordPress allows remote attackers to read arbitrary files via

CVE-2014-9414 MEDIUM POC
6.8 Dec 24

The W3 Total Cache plugin before 0.9.4.1 for WordPress does not properly handle empty nonces, which allows remote attack

CVE-2021-24452 MEDIUM POC
6.1 Jul 19

The W3 Total Cache WordPress plugin before 2.1.5 was affected by a reflected Cross-Site Scripting (XSS) issue within the

CVE-2021-24436 MEDIUM POC
6.1 Jul 19

The W3 Total Cache WordPress plugin before 2.1.4 was vulnerable to a reflected Cross-Site Scripting (XSS) security vulne

CVE-2026-57623 CRITICAL
9.0 Jul 02

Unauthenticated arbitrary code execution affects the W3 Total Cache WordPress caching plugin in all versions up to and i

CVE-2021-24427 MEDIUM POC
4.8 Jul 12

The W3 Total Cache WordPress plugin before 2.1.3 did not sanitise or escape some of its CDN settings, allowing high priv

CVE-2026-39595 MEDIUM
4.7 Jun 17

W3 Total Cache for WordPress (versions through 2.9.1) exposes Author-role users to administrative plugin functions due t

CVE-2024-12365 HIGH
8.5 Jan 14

The W3 Total Cache plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check o

CVE-2024-12006 MEDIUM
5.3 Jan 14

The W3 Total Cache plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability c

Share

CVE-2014-8724 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy