cleantalk
Vulnerabilities and Security Researches

W3 Total Cache, 440d508939c231b4d88a35a4f78ea3fab258d1d8

CVE, Research URL

440d508939c231b4d88a35a4f78ea3fab258d1d8

Home page URL

Security reports for W3 Total Cache

Application

W3 Total Cache

Published on
Sep 08, 2014
Research Description
W3 Total Cache [w3-total-cache] < 0.9.4.1 W3 Total Cache <= 0.9.4 - Cross-Site Request Forgery leading to Stored Cross-Site Scripting The W3 Total Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.9.4. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
max 0.9.4.1.
Status
vulnerable
Previous vulnerability researches
W3 Total Cache (CVE-2026-39595) , Jun 19, 2026
W3 Total Cache (CVE-2024-12365) , Jan 14, 2025
W3 Total Cache (CVE-2024-12006) , Jan 14, 2025
W3 Total Cache (CVE-2024-12008) , Jan 14, 2025
W3 Total Cache (91816c620bff939df0db1b9923ab56362614d8ff) , Jun 16, 2026
New vulnerability
CF7 to Webhook (CVE-2026-11395) , Jun 19, 2026
W3 Total Cache (CVE-2026-39595) , Jun 19, 2026
Advanced Ads – Ad Manager &amp; AdSense (CVE-2026-54816) , Jun 19, 2026
Advanced Order Export For WooCommerce (CVE-2026-11360) , Jun 19, 2026
WP Activity Log (CVE-2026-54806) , Jun 18, 2026