W3 Total Cache

3 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2024-12365 HIGH PATCH This Month

The W3 Total Cache plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the is_w3tc_admin_page function in all versions up to, and including, 2.8.1. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 17.0%.

Authentication Bypass WordPress Information Disclosure W3 Total Cache
NVD
CVSS 3.1
8.5
EPSS
17.0%
CVE-2024-12008 MEDIUM PATCH This Month

The W3 Total Cache plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.8.1 through the publicly exposed debug log file. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 33.5%.

CSRF WordPress Information Disclosure W3 Total Cache
NVD
CVSS 3.1
5.3
EPSS
33.5%
CVE-2024-12006 MEDIUM PATCH This Month

The W3 Total Cache plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 2.8.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress W3 Total Cache
NVD
CVSS 3.1
5.3
EPSS
2.3%
CVE-2024-12365
EPSS 17% CVSS 8.5
HIGH PATCH This Month

The W3 Total Cache plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the is_w3tc_admin_page function in all versions up to, and including, 2.8.1. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 17.0%.

Authentication Bypass WordPress Information Disclosure +1
NVD
CVE-2024-12008
EPSS 33% CVSS 5.3
MEDIUM PATCH This Month

The W3 Total Cache plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.8.1 through the publicly exposed debug log file. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 33.5%.

CSRF WordPress Information Disclosure +1
NVD
CVE-2024-12006
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

The W3 Total Cache plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 2.8.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress W3 Total Cache
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy