CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2012-6079 – W3 Total Cache <= 0.9.2.4 - Sensitive Information Exposure
https://notcve.org/view.php?id=CVE-2012-6079
22 Nov 2019 — W3 Total Cache before 0.9.2.5 exposes sensitive cached database information which allows remote attackers to download this information via their hash keys. W3 Total Cache versiones anteriores a 0.9.2.5, expone información confidencial de la base de datos en la caché lo que permite a atacantes remotos descargar esta información por medio de sus claves de hash. • http://www.openwall.com/lists/oss-security/2012/12/30/3 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 1CVE-2012-6078 – W3 Total Cache <= 0.9.2.4 - Insecure Cryptography to Sensitive Information Disclosure
https://notcve.org/view.php?id=CVE-2012-6078
22 Nov 2019 — W3 Total Cache before 0.9.2.5 generates hash keys insecurely which allows remote attackers to predict the values of the hashes. W3 Total Cache versiones anteriores a 0.9.2.5, genera claves de hash de forma no segura, lo que permite a atacantes remotos predecir los valores de los hash. • http://www.openwall.com/lists/oss-security/2012/12/30/3 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2012-6077 – W3 Total Cache <= 0.9.2.4 - Password Hash Extraction
https://notcve.org/view.php?id=CVE-2012-6077
22 Nov 2019 — W3 Total Cache before 0.9.2.5 allows remote attackers to retrieve password hash information due to insecure storage of database cache files. W3 Total Cache versiones anteriores a 0.9.2.5, permite a atacantes remotos recuperar información del hash de contraseña debido al almacenamiento no seguro de los archivos de caché de la base de datos. • http://www.openwall.com/lists/oss-security/2012/12/30/3 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 92%CPEs: 1EXPL: 5CVE-2019-6715 – W3 Total Cache 0.9.2.6-0.9.3 - File Read / Directory Traversal
https://notcve.org/view.php?id=CVE-2019-6715
01 Apr 2019 — pub/sns.php in the W3 Total Cache plugin before 0.9.4 for WordPress allows remote attackers to read arbitrary files via the SubscribeURL field in SubscriptionConfirmation JSON data. pub/sns.php en el plugin W3 Total Cache, en versiones anteriores a la 0.9.4 para WordPress, permite a los atacantes remotos leer archivos arbitrarios mediante el campo SubscribeURL en los datos JSON "SubscriptionConfirmation The script pub/sns.php in the W3 Total Cache plugin (versions 0.9.2.6 through 0.9.3) allows remote attack... • https://packetstorm.news/files/id/160674 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 3CVE-2014-8724 – W3 Total Cache <= 0.9.4 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2014-8724
16 Dec 2014 — Cross-site scripting (XSS) vulnerability in the W3 Total Cache plugin before 0.9.4.1 for WordPress, when debug mode is enabled, allows remote attackers to inject arbitrary web script or HTML via the "Cache key" in the HTML-Comments, as demonstrated by the PATH_INFO to the default URI. Vulnerabilidad de XSS en el plugin W3 Total Cache anterior a 0.9.4.1 para WordPress, cuando el modo debug está habilitado, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de 'Cache k... • https://packetstorm.news/files/id/129626 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.6EPSS: 0%CPEs: 1EXPL: 3CVE-2014-9414 – W3 Total Cache <= 0.9.4 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2014-9414
10 Dec 2014 — The W3 Total Cache plugin before 0.9.4.1 for WordPress does not properly handle empty nonces, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and hijack the authentication of administrators for requests that change the mobile site redirect URI via the mobile_groups[*][redirect] parameter and an empty _wpnonce parameter in the w3tc_mobile page to wp-admin/admin.php. El plugin W3 Total Cache anterior a 0.9.4.1 de WordPress no maneja adecuadamente nonces vacíos, lo que permit... • http://mazinahmed1.blogspot.com/2014/12/w3-total-caches-w3totalfail.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.8EPSS: 83%CPEs: 2EXPL: 5CVE-2013-2010 – WordPress W3 Total Cache PHP Code Execution
https://notcve.org/view.php?id=CVE-2013-2010
01 Aug 2014 — WordPress W3 Total Cache Plugin 0.9.2.8 has a Remote PHP Code Execution Vulnerability WordPress W3 Total Cache Plugin versión 0.9.2.8, presenta una Vulnerabilidad de Ejecución de Código PHP Remota. • https://packetstorm.news/files/id/130999 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •