CVE-2024-12006

Published Jan 14, 2025

Last updated a month ago

CVSS medium 5.3

Overview

Description: The W3 Total Cache plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 2.8.1. This makes it possible for unauthenticated attackers to deactivate the plugin as well as activate and deactivate plugin extensions.
Source: security@wordfence.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 5.3
Impact score: 1.4
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Severity: MEDIUM

Weaknesses

security@wordfence.com: CWE-862

Hype score: Not currently trending

CVE-2024-12006 The W3 Total Cache plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up t… https://t.co/IGAish3niP
@CVEnew
14 Jan 2025
342 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:boldgrid:w3_total_cache:*:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "470E9307-0C69-4084-A1BF-1A1C12DA313B",
            "versionEndExcluding": "2.8.2"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References