W3 Total Cache Plugin Vulnerability Affects Over 1 Million Sites
A critical vulnerability in the W3 Total Cache plugin endangers over one million WordPress sites. The flaw, tracked as CVE-2024-12365, could allow attackers to access sensitive information, including metadata from cloud-based applications. A fix was released in version 2.8.2, but hundreds of thousands of sites remain unpatched and open to exploitation.

The flaw arises from a missing capability check, which lets authenticated users with minimal access perform unauthorized actions. Risks include Server-Side Request Forgery (SSRF) and service abuse, potentially leading to data exposure and increased operational costs. Website owners are urged to upgrade to the latest version and to consider implementing a web application firewall to mitigate risks.
