- Vulnerability discovered in W3 Total Cache WordPress plugin, allowing data exposure and more
- This affects all versions before 2.8.2, which was released in response
- Hundreds of thousands of WordPress sites are still vulnerable
W3 Total Cache, a popular website performance optimization WordPress plugin, reportedly has a high-severity vulnerability that would allow attackers to access sensitive information, abuse service plan limits, and perform unauthorized actions.
The vulnerability is tracked as CVE-2024-12365 and has a severity score of 8.5/10 (high). The flaw stems from a missing capability check in a function and affects all versions up to and including 2.8.1.
“This allows authenticated attackers, with access at the subscriber level and above, to obtain the nonce value of the plugin and perform unauthorized actions, leading to information disclosure, service plan limits consumption as well as sending web requests to arbitrary locations from the web application which can be used to query information from internal services, including instance metadata on cloud-based applications,” the entry on the National Vulnerability Database website states.
WordPress and its plugins
The WordPress Plugin Repository states that W3 Total Cache has over 1 million downloads, with less than half (42.8%) running the latest version, meaning over 500,000 websites could still be vulnerable.
The plugin’s vendor, BoldGrid, released a patch with its version 2.8.2, and WordPress security project Wordfence urged all users to apply the patch immediately.
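To find installs that still need the update, the following added example (not code from the plugin, BoldGrid or Wordfence) classifies a plugin header against the 2.8.2 fix named above. It assumes the version is read from the standard WordPress `Version:` header line of the plugin's main PHP file; the function names and sample headers are constructed for illustration.

```python
import re

# First patched release named in the article; 2.8.1 and earlier are affected.
FIXED = (2, 8, 2)

# WordPress reads a plugin's version from the "Version:" line of the header
# comment in its main PHP file; this pattern matches that line.
VERSION_LINE = re.compile(r"^[ \t/*#@]*Version:[ \t]*(\S+)", re.I | re.M)


def parse_version(header_text):
    """Return the version as a tuple of ints, or None if it cannot be read."""
    line = VERSION_LINE.search(header_text)
    if not line:
        return None
    digits = re.match(r"\d+(?:\.\d+)*", line.group(1))
    if not digits:
        return None
    parts = tuple(int(p) for p in digits.group(0).split("."))
    return parts + (0,) * (3 - len(parts))  # pad so "2.8" compares as 2.8.0


def classify(header_text):
    """'vulnerable' below 2.8.2, 'patched' otherwise, 'unknown' if unreadable."""
    version = parse_version(header_text)
    if version is None:
        return "unknown"  # treat as needing manual review, not as safe
    # Integer tuples compare numerically, so 2.10.0 is newer than 2.8.2
    # (a plain string comparison would get that wrong).
    return "vulnerable" if version < FIXED else "patched"


def audit(headers_by_site):
    """Map each site label to its classification."""
    return {site: classify(text) for site, text in headers_by_site.items()}


# Constructed sample headers (not taken from real sites).
HEADER = "<?php\n/**\n * Plugin Name: W3 Total Cache\n * Version: {}\n */\n"
SAMPLE = {
    "site-a": HEADER.format("2.8.1"),
    "site-b": HEADER.format("2.8.2"),
    "site-c": HEADER.format("2.10.0"),
    "site-d": "<?php\n// header comment stripped by a build step\n",
}

if __name__ == "__main__":
    for site, status in audit(SAMPLE).items():
        print(f"{site}: {status}")
```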
WordPress is the most popular website building platform in the world, powering around half of all websites on the Internet.
As such, it is also a popular target for cybercriminals, but since the platform is relatively secure, threat actors primarily focus on third-party plugins and themes, especially those with little support from developers or the community.
W3 Total Cache is a powerful WordPress plugin designed to improve website performance by caching content, minifying code, and optimizing server resources. It claims to be able to help reduce loading times, improve user experience and improve SEO by integrating features such as content delivery network (CDN) support, content caching and database caching.
Via BleepingComputer