Detections
Analytics

W3 Total Cache Plugin for WordPress < 0.9.7.4 Multiple Vulnerabilities

critical Web App Scanning Plugin ID 98609

Language:

Synopsis

W3 Total Cache Plugin for WordPress < 0.9.7.4 Multiple Vulnerabilities

Description

The WordPress W3 Total Cache Plugin installed on the remote host is affected by multiple vulnerabilities :

 - A Cross-Site Scripting (XSS) vulnerability exists due to improper validation of user-supplied input in command parameter of /w3-total-cache/pub/opcache.php.

 - A Server Side Request Forgery (SSRF) vulnerability exists due to improper validation of user-supplied input in file_exists of opcache_flush_file.

 - A cryptographic signature bypass exists due to return value of openssl_verify not properly checked.

Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to W3 Total Cache Plugin for WordPress 0.9.7.4 or latest.

See Also

https://plugins.trac.wordpress.org/changeset/2081515/w3-total-cache#file21

https://plugins.trac.wordpress.org/changeset/2081515/w3-total-cache#file24

https://wordpress.org/plugins/w3-total-cache/

Plugin Details

Severity: Critical

ID: 98609

Type: remote

Published: 5/22/2019

Updated: 3/14/2023

Scan Template: basic, full, pci, scan

Risk Information

VPR

Risk Factor: High

Score: 8.5

CVSS v2

Risk Factor: Medium

Base Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS Score Source: Tenable

CVSS v3

Risk Factor: Critical

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CVSS Score Source: Tenable

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/6/2019

Vulnerability Publication Date: 5/6/2019

Reference Information