cleantalk
Vulnerabilities and Security Researches

W3 Total Cache, f5e6351ff19dc391a2a750b2f7b0f97e716d5b29

CVE, Research URL

f5e6351ff19dc391a2a750b2f7b0f97e716d5b29

Home page URL

Security reports for W3 Total Cache

Application

W3 Total Cache

Published on
Jul 29, 2016
Research Description
W3 Total Cache [w3-total-cache] < 0.9.5 W3 Total Cache <= 0.9.4.1 - Cross-Site Scripting via request_id The W3 Total Cache plugin plugin for WordPress is vulnerable to Cross-Site Scripting via the 'request_id' parameter in versions up to, and including, 0.9.4.1 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
Affected versions
max 0.9.5.
Status
vulnerable
Previous vulnerability researches
W3 Total Cache (CVE-2026-39595) , Jun 19, 2026
W3 Total Cache (CVE-2024-12365) , Jan 14, 2025
W3 Total Cache (CVE-2024-12006) , Jan 14, 2025
W3 Total Cache (CVE-2024-12008) , Jan 14, 2025
W3 Total Cache (91816c620bff939df0db1b9923ab56362614d8ff) , Jun 16, 2026
New vulnerability
CF7 to Webhook (CVE-2026-11395) , Jun 19, 2026
W3 Total Cache (CVE-2026-39595) , Jun 19, 2026
Advanced Ads – Ad Manager &amp; AdSense (CVE-2026-54816) , Jun 19, 2026
Advanced Order Export For WooCommerce (CVE-2026-11360) , Jun 19, 2026
WP Activity Log (CVE-2026-54806) , Jun 18, 2026