W3 Total Cache
W3 Total Cache for WordPress (versions through 2.9.1) exposes Author-role users to administrative plugin functions due to missing authorization checks (CWE-862), enabling unintended read, write, and availability impacts against the caching layer. The CVSS vector confirms a network-accessible, low-complexity exploit requiring Author-level authentication (PR:H), with low but confirmed impact across all three CIA dimensions. No public exploit code or active exploitation via CISA KEV has been identified at the time of analysis.
The W3 Total Cache plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the is_w3tc_admin_page function in all versions up to, and including, 2.8.1. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable with low attack complexity. EPSS exploitation probability: 17.0%.
The W3 Total Cache plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.8.1 through the publicly exposed debug log file. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable with low attack complexity and requires no authentication. EPSS exploitation probability: 33.5%.
The W3 Total Cache plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 2.8.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable with low attack complexity and requires no authentication. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.