W3 Total Cache Vulnerability List
Found 7 vulnerabilities related to W3 Total Cache
- CVE-2019-6715: W3 Total Cache 0.9.2.6-0.9.3 - Unauthenticated File Read / Directory Traversal POC
  WordPress plugin W3 Total Cache before version 0.9.4 allows remote attackers to read arbitrary files via the SubscribeURL field in SubscriptionConfirmation JSON data via pub/sns.php.
- CVE-2021-24436: WordPress W3 Total Cache <2.1.4 - Cross-Site Scripting POC
  WordPress W3 Total Cache plugin before 2.1.4 is susceptible to cross-site scripting within the extension parameter in the Extensions dashboard, which is output in an attribute without being escaped first. This can allow an attacker to trick an authenticated admin into clicking a link to run malicious JavaScript within the user's web browser, which could lead to full site compromise.
- CVE-2021-24452: WordPress W3 Total Cache <2.1.5 - Cross-Site Scripting POC
  WordPress W3 Total Cache plugin before 2.1.5 is susceptible to cross-site scripting via the extension parameter in the Extensions dashboard, when the setting 'Anonymously track usage to improve product quality' is enabled. The parameter is output in a JavaScript context without proper escaping. This can allow an attacker who can trick an authenticated admin into clicking a link to run malicious JavaScript within the user's web browser, which could lead to full site compromise.
- CVE-2019-6715: W3 Total Cache 0.9.2.6-0.9.3 - Unauthenticated File Read / Directory Traversal POC
  WordPress plugin W3 Total Cache before version 0.9.4 allows remote attackers to read arbitrary files via the SubscribeURL field in SubscriptionConfirmation JSON data via pub/sns.php.
- CVE-2021-24436: WordPress W3 Total Cache <2.1.4 - Cross-Site Scripting POC
  WordPress W3 Total Cache plugin before 2.1.4 is susceptible to cross-site scripting within the extension parameter in the Extensions dashboard, which is output in an attribute without being escaped first. This can allow an attacker to trick an authenticated admin into clicking a link to run malicious JavaScript within the user's web browser, which could lead to full site compromise.
- CVE-2021-24452: WordPress W3 Total Cache <2.1.5 - Cross-Site Scripting POC
  WordPress W3 Total Cache plugin before 2.1.5 is susceptible to cross-site scripting via the extension parameter in the Extensions dashboard, when the setting 'Anonymously track usage to improve product quality' is enabled. The parameter is output in a JavaScript context without proper escaping. This can allow an attacker who can trick an authenticated admin into clicking a link to run malicious JavaScript within the user's web browser, which could lead to full site compromise.
- WordPress W3 Total Cache pub/sns.php File Read Vulnerability (CVE-2019-6715) No POC
  WordPress is a blogging platform developed in PHP. W3 Total Cache is an SEO (search engine optimization) plugin used with it. In versions of the WordPress W3 Total Cache plugin before 0.9.4, the pub/sns.php file has an arbitrary file read vulnerability that allows remote attackers to read arbitrary files via the SubscribeURL field.