
CVSS: 7.5 • EPSS: 35% • CPEs: 1 • EXPL: 3

01 Apr 2019 — pub/sns.php in the W3 Total Cache plugin before 0.9.4 for WordPress allows remote attackers to read arbitrary files via the SubscribeURL field in SubscriptionConfirmation JSON data. The script pub/sns.php in the W3 Total Cache plugin (versions 0.9.2.6 through 0.9.3) allows remote attack... • https://github.com/random-robbie/cve-2019-6715 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 2

16 Dec 2014 — Cross-site scripting (XSS) vulnerability in the W3 Total Cache plugin before 0.9.4.1 for WordPress, when debug mode is enabled, allows remote attackers to inject arbitrary web script or HTML via the "Cache key" in the HTML-Comments, as demonstrated by the PATH_INFO to the default URI. • http://packetstormsecurity.com/files/129626/W3-Total-Cache-0.9.4-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.6 • EPSS: 4% • CPEs: 1 • EXPL: 3

10 Dec 2014 — The W3 Total Cache plugin before 0.9.4.1 for WordPress does not properly handle empty nonces, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and hijack the authentication of administrators for requests that change the mobile site redirect URI via the mobile_groups[*][redirect] parameter and an empty _wpnonce parameter in the w3tc_mobile page to wp-admin/admin.php. • http://mazinahmed1.blogspot.com/2014/12/w3-total-caches-w3totalfail.html • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 9.8 • EPSS: 97% • CPEs: 2 • EXPL: 3

01 Aug 2014 — WordPress W3 Total Cache Plugin 0.9.2.8 has a Remote PHP Code Execution Vulnerability. • https://www.exploit-db.com/exploits/25137 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') • CWE-94: Improper Control of Generation of Code ('Code Injection')