File Read Vulnerability in W3 Total Cache Plugin for WordPress
CVE-2019-6715
Key Information:
- Vendor
Wordpress
- Status
- Vendor
- CVE Published:
- 1 April 2019
Badges
What is CVE-2019-6715?
The W3 Total Cache plugin for WordPress before version 0.9.4 is vulnerable to a file read attack due to improper handling of the SubscribeURL field within SubscriptionConfirmation JSON data. This allows remote attackers to exploit the vulnerability and access arbitrary files on the server, potentially exposing sensitive information. Proper updates and security measures should be implemented to safeguard against this vulnerability.
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
EPSS Score
92% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved