cleantalk
Vulnerabilities and Security Researches

W3 Total Cache, 752fc738-496f-44fd-9ca6-24e29ef8e75e

Application

W3 Total Cache

Published on
-
Research Description
W3 Total Cache [w3-total-cache] < 0.9.5

W3 Total Cache <= 0.9.4.1 – Authenticated Arbitrary PHP Code Execution

This one is so easy to exploit using the import settings feature. This is what W3TC will do once your file is uploaded:

**********
/**
 * Imports config content
 *
 * @param string $filename
 * @return boolean
 */
function import($filename) {
    if (file_exists($filename) && is_readable($filename)) {
        $data = file_get_contents($filename);
        if (substr($data, 0, 5) == '<?php')
            $data = substr($data, 5);
        $config = eval($data);
        if (is_array($config)) {
            foreach ($config as $key => $value)
                $this->set($key, $value);
            return true;
        }
    }
    return false;
}
**********

The bad line is $config = eval($data); because it means that all my file content will be evaluated like any other PHP code. Basically we can send a PHP script that will create a backdoor.
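For contrast with the import() function quoted above, here is an importer that parses the uploaded file as data and never evaluates it. This is an added example, not W3 Total Cache's code or its actual fix; the class name SafeConfigImporter, the JSON export format and the sample keys are assumptions made for illustration.

```php
<?php
// Added example (hypothetical class, not W3 Total Cache code).
// Assumption: settings are exported as JSON rather than as a PHP file.
final class SafeConfigImporter
{
    private const MAX_BYTES = 262144; // constructed upper bound for a settings file
    private $schema;                  // allowed key => expected gettype() result
    private $settings = [];

    public function __construct(array $schema) { $this->schema = $schema; }

    public function import(string $filename): bool
    {
        if (!is_file($filename) || !is_readable($filename)
            || filesize($filename) > self::MAX_BYTES) {
            return false;
        }
        $data = file_get_contents($filename);
        // json_decode() only builds data structures; nothing in the file runs.
        $config = is_string($data) ? json_decode($data, true, 8) : null;
        if (!is_array($config)) {
            return false; // also covers PHP-format files, which are not valid JSON
        }
        foreach ($config as $key => $value) {
            // Validate everything before applying anything: an unknown key or
            // a wrong type rejects the whole file.
            if (!isset($this->schema[$key]) || gettype($value) !== $this->schema[$key]) {
                return false;
            }
        }
        $this->settings = array_merge($this->settings, $config);
        return true;
    }

    public function get(string $key) { return $this->settings[$key] ?? null; }
}

// Constructed sample inputs: a JSON export and a PHP-format settings file.
$schema = ['pgcache.enabled' => 'boolean', 'pgcache.lifetime' => 'integer'];
$good = tempnam(sys_get_temp_dir(), 'cfg');
$bad  = tempnam(sys_get_temp_dir(), 'cfg');
file_put_contents($good, '{"pgcache.enabled": true, "pgcache.lifetime": 3600}');
file_put_contents($bad, "<?php return array('pgcache.enabled' => true);");

$importer = new SafeConfigImporter($schema);
var_dump($importer->import($good)); // JSON with known keys and expected types
var_dump($importer->import($bad));  // not JSON: refused, and never executed
unlink($good); unlink($bad);
```

The key-and-type allow-list matters as much as dropping eval(): a data-only parser stops code execution, but without the schema check an import could still set any option the application exposes.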
Affected versions
max 0.9.5.
Status
vulnerable