WordPress Plugin Security Update Advisory (CVE-2024-12365)

Overview

We have released a security update to address a vulnerability in our WordPress plugin. Users of affected products are advised to update to the latest version.

 

Affected Products

 

CVE-2024-12365

W3 Total Cache Version: ~ 2.8.1 (inclusive)

 

Resolved Vulnerabilities

SSRF vulnerability due to missing authorization (CVE-2024-12365)

 

 

Vulnerability Patches

Vulnerability Patches have been made available in the latest update. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.
 

CVE-2024-12365

W3 Total Cache version: 2.8.2

 

References

[1] W3 Total Cache <= 2.8.1 – Authenticated (Subscriber+) Missing Authorization to Server-Side Request Forgery
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/w3-total-cache/w3-total-cache-281-authenticated-subscriber-missing-authorization-to-server-side-request-forgery