CyberSecurity news
@www.bleepingcomputer.com - 42d
A critical security flaw has been discovered in the W3 Total Cache plugin, a popular tool used by over one million WordPress websites. The vulnerability, tracked as CVE-2024-12365, allows attackers with even subscriber-level access to gain unauthorized access to sensitive data. The flaw stems from a missing capability check in the plugin's "is_w3tc_admin_page" function, which lets such low-privileged users obtain sensitive information like nonce values. This could lead to information disclosure, excessive service consumption, and unauthorized requests to internal services, including the metadata endpoints of cloud-based apps.
This vulnerability, which was publicly disclosed on January 13, 2025, poses a significant risk due to the widespread use of the plugin. Attackers can leverage this to access system data and perform unauthorized actions. While a patch has been released in version 2.8.2 of the W3 Total Cache plugin, many sites have yet to apply the update. Website administrators are urged to update to version 2.8.2 or later immediately to mitigate this high-severity risk, as well as review user access levels and conduct security audits.
References:
- bsky.app: A severe flaw in the W3 Total Cache plugin installed on more than one million WordPress sites could give attackers access to various information, including metadata on cloud-based apps.
- gbhackers.com: W3 Total Cache Plugin Vulnerability Let Attackers Gain Unauthorized Access to Sensitive Data
- www.bleepingcomputer.com: W3 Total Cache plugin flaw exposes 1 million WordPress sites to attacks
Classification:
- HashTags: #WordPress #W3TotalCache #Vulnerability
- Company: WordPress
- Target: WordPress sites
- Product: W3 Total Cache
- Feature: Plugin Vulnerability
- Type: Vulnerability
- Severity: Major