Skip to main content

W3 Total Cache CVE-2026-57623

| EUVDEUVD-2026-41365 CRITICAL
Improper Validation of Specified Quantity in Input (CWE-1284)
2026-07-02 Patchstack GHSA-m2v8-v989-39q2
9.0
CVSS 3.1 · Vendor: Patchstack
Share

Severity by source

Vendor (Patchstack) PRIMARY
9.0 CRITICAL
AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
vuln.today AI
9.0 CRITICAL

Unauthenticated network RCE (AV:N/PR:N/UI:N) with full impact and scope change; AC:H retained because a specific input-validation condition must be met.

3.1 AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
4.0 AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (Patchstack).

CVSS VectorVendor: Patchstack

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
Analysis Generated
Jul 02, 2026 - 12:02 vuln.today

DescriptionCVE.org

Unauthenticated Arbitrary Code Execution in W3 Total Cache <= 2.9.4 versions.

AnalysisAI

Unauthenticated arbitrary code execution affects the W3 Total Cache WordPress caching plugin in all versions up to and including 2.9.4, allowing remote attackers to execute code and fully compromise the underlying site without credentials or user interaction. The scope-changing CVSS 9.0 (Critical) rating reflects the plugin's deep hooks into WordPress request handling. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Identify WordPress site with W3 Total Cache ≤2.9.4
Delivery
Send crafted request with malformed quantity input
Exploit
Bypass improper input validation (CWE-1284)
Execution
Meet required high-complexity condition
Persist
Execute arbitrary code on server
Impact
Full site compromise across scope

Vulnerability AssessmentAI

Exploitation Exploitation targets the W3 Total Cache plugin (versions <= 2.9.4) and requires no authentication (PR:N) and no user interaction (UI:N) over the network (AV:N), so any internet-reachable WordPress site with the vulnerable plugin active is exposed. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H yields a base score of 9.0 (Critical): network-reachable, no privileges, no user interaction, full confidentiality/integrity/availability impact, and a changed scope. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A remote, unauthenticated attacker sends specially crafted requests to a WordPress site running W3 Total Cache 2.9.4 or earlier, supplying malformed quantity/size input that the plugin fails to validate, and triggers the specific condition needed to coerce the plugin into executing attacker-controlled code - giving full control of the site. No POC has been published, and the AC:H rating means the attacker must reliably hit the required precondition, so an automated exploit would likely need tuning against the target environment.
Remediation No vendor-released patch version was identified in the provided data; upgrade to the first W3 Total Cache release above 2.9.4 as published by the vendor once confirmed, and consult the Patchstack advisory (https://patchstack.com/database/wordpress/plugin/w3-total-cache/vulnerability/wordpress-w3-total-cache-plugin-2-9-4-arbitrary-code-execution-vulnerability?_s_id=cve) for the exact fixed version before deploying. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Conduct inventory of all WordPress installations to identify W3 Total Cache presence and version; immediately disable the plugin on any instance running version 2.9.4 or earlier. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-57623 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy