Decrypt LOL

W3 Total Cache Plugin Vulnerability Affects Over 1 Million Sites

🔓 Critical vulnerability in W3 Total Cache plugin endangers over one million WordPress sites. A severe flaw, tracked as CVE-2024-12365, in the W3 Total Cache plugin could allow attackers to access sensitive information, including metadata from cloud-based applications. Despite a fix being released in version 2.8.2, hundreds of thousands of sites remain unpatched, leaving them vulnerable to exploitation. The flaw arises from a missing capability check, enabling authenticated users with minimal access to perform unauthorized actions. Risks include Server-Side Request Forgery (SSRF) and service abuse, potentially leading to data exposure and increased operational costs. Website owners are urged to upgrade to the latest version and consider implementing a web application firewall to mitigate risks.
