cleantalk
Vulnerabilities and Security Researches

W3 Total Cache, 93fe3c61a47870bbeb7075d84dd635c1a1fd2b0e

CVE, Research URL

93fe3c61a47870bbeb7075d84dd635c1a1fd2b0e

Home page URL

Security reports for W3 Total Cache

Application

W3 Total Cache

Published on
Sep 26, 2016
Research Description
W3 Total Cache [w3-total-cache] < 0.9.5 W3 Total Cache <= 0.9.4.1 - Security Token Bypass via Type Juggling The W3 Total Cache plugin for WordPress is vulnerable to authorization bypass due to the use of loose comparison on the nonce value in the /pub/apc.php file. This affects versions up to, and including, 0.9.4.1. This makes it possible for attackers to bypass nonce protections if a valid nonce starts with 0e. In the right situation this bypass can be used to empty the OPCache.
Affected versions
max 0.9.5.
Status
vulnerable
Previous vulnerability researches
W3 Total Cache (CVE-2026-39595) , Jun 19, 2026
W3 Total Cache (CVE-2024-12365) , Jan 14, 2025
W3 Total Cache (CVE-2024-12006) , Jan 14, 2025
W3 Total Cache (CVE-2024-12008) , Jan 14, 2025
W3 Total Cache (91816c620bff939df0db1b9923ab56362614d8ff) , Jun 16, 2026
New vulnerability
CF7 to Webhook (CVE-2026-11395) , Jun 19, 2026
W3 Total Cache (CVE-2026-39595) , Jun 19, 2026
Advanced Ads – Ad Manager &amp; AdSense (CVE-2026-54816) , Jun 19, 2026
Advanced Order Export For WooCommerce (CVE-2026-11360) , Jun 19, 2026
WP Activity Log (CVE-2026-54806) , Jun 18, 2026