cleantalk
Vulnerabilities and Security Researches

W3 Total Cache, CVE-2021-24427

CVE, Research URL

CVE-2021-24427

Home page URL

Security reports for W3 Total Cache

Application

W3 Total Cache

Published on
Jul 13, 2021
Research Description
The W3 Total Cache WordPress plugin before 2.1.3 did not sanitise or escape some of its CDN settings, allowing high privilege users to use JavaScript in them, which will be output in the page, leading to an authenticated Stored Cross-Site Scripting issue
Affected versions
Min -, max 2.1.3.
Status
vulnerable
Previous vulnerability researches
W3 Total Cache (CVE-2024-12365) , Jan 14, 2025
W3 Total Cache (CVE-2024-12006) , Jan 14, 2025
W3 Total Cache (CVE-2024-12008) , Jan 14, 2025
W3 Total Cache (CVE-2014-8724) , Jun 07, 2024
W3 Total Cache (CVE-2013-2010) , Jun 07, 2024
New vulnerability
WP Tools Increase Maximum Limits, Repair, Server PHP Info, Javascript errors, File Permissions, Transients, Error Log (CVE-2025-39544) , Apr 17, 2025
Landing Page Cat – Coming Soon Page, Maintenance Page & Squeeze Pages (CVE-2025-26992) , Apr 17, 2025
SKT Blocks – Gutenberg based Page Builder (CVE-2025-26998) , Apr 17, 2025
DN Shipping by Weight for WooCommerce (CVE-2025-32535) , Apr 17, 2025
Sign-up Sheets (CVE-2025-26996) , Apr 17, 2025