cleantalk
Vulnerabilities and Security Researches

W3 Total Cache, ade6610e45ed3c5100030940d6f2c0eed9bba619

CVE, Research URL

ade6610e45ed3c5100030940d6f2c0eed9bba619

Home page URL

Security reports for W3 Total Cache

Application

W3 Total Cache

Published on
Oct 31, 2016
Research Description
W3 Total Cache [w3-total-cache] < 0.9.5 W3 Total Cache <= 0.9.4 - Server-Side Request Forgery leading to Host Information Disclosure The W3 Total Cache plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 0.9.4. This is due to a minify function incorrectly restricting path input. This makes it possible for attackers to access restricted resources on private networks by using a vulnerable installation as a limited HTTP GET proxy.
Affected versions
max 0.9.5.
Status
vulnerable
Previous vulnerability researches
W3 Total Cache (CVE-2026-39595) , Jun 19, 2026
W3 Total Cache (CVE-2024-12365) , Jan 14, 2025
W3 Total Cache (CVE-2024-12006) , Jan 14, 2025
W3 Total Cache (CVE-2024-12008) , Jan 14, 2025
W3 Total Cache (91816c620bff939df0db1b9923ab56362614d8ff) , Jun 16, 2026
New vulnerability
CF7 to Webhook (CVE-2026-11395) , Jun 19, 2026
W3 Total Cache (CVE-2026-39595) , Jun 19, 2026
Advanced Ads – Ad Manager &amp; AdSense (CVE-2026-54816) , Jun 19, 2026
Advanced Order Export For WooCommerce (CVE-2026-11360) , Jun 19, 2026
WP Activity Log (CVE-2026-54806) , Jun 18, 2026