- Published on
-
Feb 23, 2026
- Research Description
-
Caching and performance optimization plugins can dramatically improve page speed, but they also expand the security footprint because they sit between dynamic application logic and static delivery. A cache can unintentionally store and serve private content, expose sensitive headers or debug artifacts, or create integrity issues when minification and rewrite rules transform how resources are delivered. These plugins also tend to touch high-risk areas like wp-admin configuration, filesystem writes (cache directories, rewrite rules), and external integrations (CDNs, reverse proxies), which means weaknesses frequently translate into data leakage, stored XSS in admin previews, cache poisoning, or denial-of-service conditions. W3 Total Cache version 2.9.1 has successfully completed the CleanTalk Plugin Security Certification process and received PSC-2026-64614, confirming that the plugin was reviewed from a secure code perspective with attention to the most common exploitation paths for caching and optimization plugins.
- Affected versions
-
Min 2.9.4,
max 2.9.4.
Plugin Security Certification
Join the community of developers who prioritize security. Highlight your plugin in the WordPress catalog.
Get Plugin Security Certificate
| Previous vulnerability researches |
|
W3 Total Cache
(CVE-2024-12365)
, Jan 14, 2025
|
|
W3 Total Cache
(CVE-2024-12006)
, Jan 14, 2025
|
|
W3 Total Cache
(CVE-2024-12008)
, Jan 14, 2025
|
|
W3 Total Cache
(CVE-2014-8724)
, Jun 07, 2024
|
|
W3 Total Cache
(CVE-2013-2010)
, Jun 07, 2024
|
| New vulnerability |
|
Publitio
(CVE-2025-58962)
, Apr 24, 2026
|
|
Social Rocket – Social Sharing Plugin
(CVE-2026-1923)
, Apr 24, 2026
|
|
Salon booking system
(CVE-2025-8492)
, Apr 24, 2026
|
|
Events Addon for Elementor
(CVE-2025-8150)
, Apr 24, 2026
|
|
WordPress Infinite Scroll – Ajax Load More
(CVE-2025-59582)
, Apr 24, 2026
|