Security Advisory

WordPress Plugin Security Update Advisory (CVE-2025-9501)

  • Dec 02 2025
WordPress Plugin Security Update Advisory (CVE-2025-9501)

Overview

 

We have released a security update to address a vulnerability in our WordPress plugin. Users of affected products are advised to update to the latest version.
 

 

Affected Products

 

CVE-2025-9501

 

W3 Total Cache versions: 2.8.12 and earlier

 

 

Resolved Vulnerabilities

 

Remote code execution (RCE) vulnerability via _parse_dynamic_mfunc in the W3 Total Cache plugin (CVE-2025-9501)

 

 

Vulnerability Patches

Vulnerability Patches have been made available in the latest update. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

 

CVE-2025-9501

 

W3 Total Cache version: 2.8.13

 

 

References

 

[1] W3 Total Cache <= 2.8.12 – Unauthenticated Command Injection
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/w3-total-cache/w3-total-ca..

Tags:
Previous Post

Next Post