Unauthorized Data Access in W3 Total Cache Plugin for WordPress
CVE-2024-12365
8.5 HIGH
Key Information:
- Vendor: Boldgrid
- Product: W3 Total Cache
- CVE Published: 14 January 2025
Summary
The W3 Total Cache plugin for WordPress is vulnerable to unauthorized access to sensitive data because the is_w3tc_admin_page function is missing a capability check. The flaw affects all versions up to and including 2.8.1 and can be exploited by authenticated attackers with Subscriber-level access and above. Such an attacker can retrieve the plugin's nonce value and use it to perform unauthorized operations, which can disclose information, exhaust service plan limits, and cause web requests to be made to any location. Those requests can be used to query data from internal services, including instance metadata in cloud-based environments.
Affected Version(s)
W3 Total Cache * <= 2.8.1
CVSS V3.1
Score: 8.5
Severity: HIGH
Confidentiality: High
Integrity: Low
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Villu Orav