CVE-2024-12365

High CVSS: 8.5

The W3 Total Cache plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the is_w3tc_admin_page function in all versions up to, and including, 2.8.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to obtain the plugin's nonce value and perform unauthorized actions, resulting in information disclosure, service plan limits consumption as well as making web requests to arbitrary locations originating from the web application that can be used to query information from internal services, including instance metadata on cloud-based applications.

Vendor

Boldgrid

Product

W3 Total Cache

CWE

CWE-862

Yayın Tarihi

2025-01-14 07:15:26

Güncelleme

2025-01-16 21:31:22

Source Identifier

security@wordfence.com

KEV Date Added

Kategoriler

CWE-862 W3 Total Cache HIGH Boldgrid 2025

Referanslar

Benzer Kayıtlar

High

CVE-2020-36848

The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Sens…

High

CVE-2025-2257

The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Remo…

Medium

CVE-2024-13907

The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Serv…

Medium

CVE-2025-0859

The Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin for WordPress is vulnerable to Path Traversal…

Medium

CVE-2025-22759

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BoldGrid Post and…

Medium

CVE-2024-12006

The W3 Total Cache plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability c…