Summary: A critical vulnerability (CVE-2024-12365) has been discovered in the W3 Total Cache plugin, affecting over a million WordPress websites. This flaw allows authenticated users with minimal privileges to exploit the system, leading to unauthorized access to sensitive data and potential attacks on internal systems. Website owners are urged to update to version 2.8.2 to mitigate these risks.
Threat Actor: Unknown
Victim: WordPress websites
Key points:
- W3 Total Cache plugin has a critical security flaw with a CVSS score of 8.5.
- Attackers can exploit this vulnerability for information disclosure, resource depletion, and server-side request forgery (SSRF).
- Website owners must update to version 2.8.2 to protect against this vulnerability.