cleantalk
Vulnerabilities and Security Researches

W3 Total Cache, 0f23fa7c-ddeb-4dfb-9718-2cbff24cffe7

CVE, Research URL

0f23fa7c-ddeb-4dfb-9718-2cbff24cffe7

Home page URL

Security reports for W3 Total Cache

Application

W3 Total Cache

Published on
-
Research Description
W3 Total Cache [w3-total-cache] < 0.9.7.4 W3 Total Cache &lt; 0.9.7.4 - Blind SSRF and RCE via phar The implementation of `opcache_flush_file` calls `file_exists` with a parameter fully controlled by the user.
Affected versions
max 0.9.7.4.
Status
vulnerable
Previous vulnerability researches
W3 Total Cache (CVE-2026-39595) , Jun 19, 2026
W3 Total Cache (CVE-2024-12365) , Jan 14, 2025
W3 Total Cache (CVE-2024-12006) , Jan 14, 2025
W3 Total Cache (CVE-2024-12008) , Jan 14, 2025
W3 Total Cache (91816c620bff939df0db1b9923ab56362614d8ff) , Jun 16, 2026
New vulnerability
CF7 to Webhook (CVE-2026-11395) , Jun 19, 2026
W3 Total Cache (CVE-2026-39595) , Jun 19, 2026
Advanced Ads – Ad Manager &amp; AdSense (CVE-2026-54816) , Jun 19, 2026
Advanced Order Export For WooCommerce (CVE-2026-11360) , Jun 19, 2026
WP Activity Log (CVE-2026-54806) , Jun 18, 2026