Over a million WordPress sites exposed to attack from W3 Total Cache plugin flaw

Posted by:
David Wilson
Sun, 19 Jan

A critical vulnerability has been uncovered in the popular W3 Total Cache WordPress plugin. It affects all versions up to 2.8.1 and puts hundreds of thousands of websites at risk. Tracked as CVE-2024-12365 with a severity score of 8.5/10, the flaw stems from a missing capability check in one of the plugin's functions, and it enables attackers to access sensitive data, exceed service plan limits, and execute unauthorized actions.

W3 Total Cache, which improves website performance through content caching and resource optimization, is a widely used WordPress plugin with over a million downloads. BoldGrid, the plugin's vendor, has released a patch in version 2.8.2 to address the issue. However, fewer than half of users are running that version, so more than 500,000 websites remain vulnerable.

WordPress, which powers a significant portion of the internet, faces constant security threats, with cybercriminals targeting third-party plugins and themes because of their potential vulnerabilities. Users are strongly advised to update to the latest version of W3 Total Cache (2.8.2) to mitigate the risk of exploitation.
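
To find installations that still need the update, the following added example (not code from the article or from BoldGrid) walks a directory of WordPress sites, reads each plugin's header comment, and flags copies of W3 Total Cache older than 2.8.2. It assumes the standard wp-content/plugins layout and a WordPress-style "Plugin Name:" / "Version:" header comment; the function names are illustrative.

```python
import re
import sys
from pathlib import Path

FIXED = (2, 8, 2)                 # first patched release, per the article
PLUGIN_NAME = "W3 Total Cache"
# Matches header lines such as " * Version: 2.8.1" inside the plugin's comment block.
HEADER = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t\r]*$",
                    re.M | re.I)

def parse_version(text):
    """Turn '2.8.1' into (2, 8, 1); a non-numeric component ends the parse."""
    parts = []
    for piece in text.strip().split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts)

def read_headers(php_file):
    """Read header fields from the start of the file (first 8 KiB only)."""
    head = php_file.read_bytes()[:8192].decode("utf-8", "replace")
    return {key.lower(): value for key, value in HEADER.findall(head)}

def audit(root):
    """Return [(site_dir, version_string, status)] for each copy under root."""
    findings = []
    for php in sorted(Path(root).glob("**/wp-content/plugins/*/*.php")):
        headers = read_headers(php)
        if headers.get("plugin name") != PLUGIN_NAME:
            continue
        raw = headers.get("version", "")
        ver = parse_version(raw)
        if not ver:
            status = "unknown"        # header present but version unreadable
        elif ver < FIXED:
            status = "vulnerable"     # 2.8.1 and earlier
        else:
            status = "patched"
        # php -> plugin dir -> plugins -> wp-content -> site root
        findings.append((str(php.parents[3]), raw, status))
    return findings

if __name__ == "__main__":
    for site, ver, status in audit(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{status:10} {ver:10} {site}")
```

Pass the directory that holds your sites as the first argument. An "unknown" result means the header was found but its version could not be parsed, and that copy should be checked by hand.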
