Unauthorized Data Modification in W3 Total Cache Plugin for WordPress
CVE-2024-12006

5.3 MEDIUM

Key Information:

Vendor: Boldgrid
Product: W3 Total Cache
CVE Published: 14 January 2025

Summary

The W3 Total Cache plugin for WordPress contains a vulnerability that allows unauthorized users to modify data due to a lack of proper capability checks in several critical functions. This flaw affects all versions up to and including 2.8.1, enabling unauthenticated attackers to deactivate the entire plugin and manipulate plugin extensions. As such, it poses a significant risk to the integrity and availability of WordPress sites utilizing this caching solution.

Affected Version(s)

W3 Total Cache * <= 2.8.1

CVSS V3.1

Score: 5.3
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Villu Orav