cleantalk
Vulnerabilities and Security Researches

W3 Total Cache, CVE-2021-24436

CVE, Research URL

CVE-2021-24436

Home page URL

Security reports for W3 Total Cache

Application

W3 Total Cache

Published on
Jul 19, 2021
Research Description
The W3 Total Cache WordPress plugin before 2.1.4 was vulnerable to a reflected Cross-Site Scripting (XSS) security vulnerability within the "extension" parameter in the Extensions dashboard, which is output in an attribute without being escaped first. This could allow an attacker, who can convince an authenticated admin into clicking a link, to run malicious JavaScript within the user's web browser, which could lead to full site compromise.
Affected versions
Min -, max 2.1.4.
Status
vulnerable
Previous vulnerability researches
W3 Total Cache (CVE-2024-12365) , Jan 14, 2025
W3 Total Cache (CVE-2024-12006) , Jan 14, 2025
W3 Total Cache (CVE-2024-12008) , Jan 14, 2025
W3 Total Cache (CVE-2014-8724) , Jun 07, 2024
W3 Total Cache (CVE-2013-2010) , Jun 07, 2024
New vulnerability
WordPress CRM Plugin – WP-CRM System (CVE-2025-47629) , May 09, 2025
Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Plugin for WordPress (CVE-2025-3862) , May 09, 2025
워드프레스 결제 심플페이 – 우커머스 결제 플러그인 (CVE-2025-47661) , May 09, 2025
Instantio – WooCommerce Quick Checkout | Instant Checkout, Side Cart & Popup Cart (CVE-2025-47550) , May 09, 2025
theMarketer for Woocommerce (CVE-2025-47655) , May 09, 2025