- Description: The W3 Total Cache plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the is_w3tc_admin_page function in all versions up to, and including, 2.8.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to obtain the plugin's nonce value and perform unauthorized actions, resulting in information disclosure, service plan limits consumption as well as making web requests to arbitrary locations originating from the web application that can be used to query information from internal services, including instance metadata on cloud-based applications.
- Source: security@wordfence.com
- NVD status: Analyzed
CVSS 3.1
- Type: Primary
- Base score: 8.5
- Impact score: 4.7
- Exploitability score: 3.1
- Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
- Severity: HIGH
- security@wordfence.com: CWE-862
Do You Know..??🤔 W3 Total Cache Plugin Vulnerability Puts 1M Sites at Risk: CVE-2024-12365 | Click Below https://t.co/pB57mhZk0Z #W3 #WordPress #TotalCachePlugin
@certera_llc
27 Jan 2025
A new vulnerability in the W3 Total Cache plugin for WordPress has been published with the identifier CVE-2024-12365, which allows hackers to gain access to metadata. This vulnerability can also lead to other vulnerabilities such as SSRF. https://t.co/Poz3aKYxT1 https://t.co/Xe5cUzLQrn
@AmirHossein_sec
21 Jan 2025
🚨 Critical Security Alert for WordPress Users! 🚨 A major vulnerability (CVE-2024-12365) has been found in the W3 Total Cache plugin, putting websites at risk of: 🔓 Arbitrary code execution 🔓 Unauthorized data access What to do NOW: 1️⃣ Update immediately to the… htt
@AIAgentEco
20 Jan 2025
A severe vulnerability, tracked as CVE-2024-12365 (CVSS score of 8.5) in the WordPress W3 Total Cache plugin could expose metadata from internal services and cloud apps. https://t.co/f1aRTuaDG6 #Wordpress #w3 #cve #vulnerability #cybersecurity #threatresq
@ThreatResq
20 Jan 2025
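<Security News> Critical vulnerability in the WordPress plugin "W3 Total Cache" *Versions up to 2.8.1. Vulnerability: CVE-2024-12365. Mitigation: update to version "2.8.2" or later. Summary: risk of unauthorized access by attackers with Subscriber-level privileges or higher. Details: https://t.co/kE9XfuGKfe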
@ColorfulBoxJp
20 Jan 2025
A severe vulnerability (CVE-2024-12365) in the W3 Total Cache plugin affects 1M+ WordPress sites, putting sensitive data at risk. Website owners are strongly advised to update to the latest version immediately.📢 Read more 🔎>> https://t.co/BZPqK6DKIs #CyberSecurity #WordP
@CyberNodeAU
20 Jan 2025
Vulnerability discovered in the W3 Total Cache plugin. A new vulnerability in the W3 Total Cache plugin for WordPress was recently published with the identifier CVE-2024-12365, which allows hackers to gain access to metadata.
@cybernetic_cy
19 Jan 2025
🚨 Vulnerability in the W3 Total Cache plugin exposes 1 million WordPress sites to attacks CVE-2024-12365 ⚠️ Function is_w3tc_admin_page https://t.co/3wjoHVLJas https://t.co/4YmYIr055e
@elhackernet
17 Jan 2025
Critical vulnerability (CVE-2024-12365) in "W3 Total Cache", a popular caching plugin for WordPress https://t.co/0k3z0Nex70 #izumino_trend
@sec_trend
17 Jan 2025
W3 Total Cache vulnerability: risks for more than one million WordPress sites. Information Security, CVE-2024-12365, cybersecurity, featured, plugin, SSRF, Wordpress https://t.co/hJOuhZSKFF https://t.co/vSxNvbhdn5
@matricedigitale
17 Jan 2025
🚨🚨CVE-2024-12365 (CVSS: 8.5) : W3 Total Cache <= 2.8.1 - Authenticated (Subscriber+) Missing Authorization to Server-Side Request Forgery ⚠️This flaw could allow attackers to gain unauthorized access to sensitive data and even launch attacks on internal systems. ZoomEye… ht
@zoomeye_team
17 Jan 2025
CVE-2024-12365: Missing Auth in W3 Total Cache, 8.5 rating❗️ Vuln allows an authenticated attacker to access sensitive data and collect information from internal services. Search at https://t.co/hv7QKSqxTR: 👉 Link: https://t.co/4J8UvgBpFe #cybersecurity #vulnerability_map htt
@Netlas_io
16 Jan 2025
CVE-2024-12365: Popular WordPress Caching Plugin Exposes Millions of Sites to Attack Learn about the critical security flaw found in the W3 Total Cache plugin and how it puts over a million WordPress websites at risk (CVE-2024-12365) https://t.co/IRZqRs7hJm
@the_yellow_fall
16 Jan 2025
CVE-2024-12365 The W3 Total Cache plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the is_w3tc_admin_page function in all versi… https://t.co/BI9yelm4RY
@CVEnew
14 Jan 2025
[CVE-2024-12365: HIGH] WordPress plugin W3 Total Cache versions up to 2.8.1 have a vulnerability allowing unauthorized data access. Attackers with Subscriber-level access can exploit this issue.#cybersecurity,#vulnerability https://t.co/uiY9sSf24H https://t.co/F2UoZulJTF
@CveFindCom
14 Jan 2025
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:boldgrid:w3_total_cache:*:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "470E9307-0C69-4084-A1BF-1A1C12DA313B",
            "versionEndExcluding": "2.8.2"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]