WordPress Plugin Vulnerabilities

W3 Total Cache 0.9.2.6-0.9.3 - Unauthenticated Arbitrary File Read

Description

The W3 Total Cache WordPress plugin was affected by an Unauthenticated Arbitrary File Read security vulnerability.

Affects Plugins

Plugin icon
w3-total-cache
Fixed in 0.9.4

References

CVE
CVE-2019-6715
Exploitdb
49317
URL
https://vinhjaxt.github.io/2019/03/cve-2019-6715

Classification

Type
TRAVERSAL
OWASP top 10
A1: Injection
CWE
CWE-22
CVSS
8.6 (high)

Miscellaneous

Original Researcher
vinhjaxt
Submitter
Ryan Dewhurst
Submitter website
https://wpscan.io
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
692eac9d-2b17-4b18-94fe-b0d353bdacd6

Timeline

Publicly Published
2014-09-20 (about 11 years ago)
Added
2019-04-02 (about 7 years ago)
Last Updated
2026-04-13 (about 1 month ago)

Other

Published
Title
Published
2022-03-27
Title
Admin Word Count Column <= 2.2 - Unauthenticated Arbitrary File Read
Published
2022-08-22
Title
Ajax Load More < 5.5.4 - Admin+ Arbitrary File Read
Published
2025-09-03
Title
atec Debug < 1.2.23 - Admin+ Arbitrary File Deletion
Published
2025-10-15
Title
Download Counter Button <= 1.8.6.7 - Unauthenticated Arbitrary File Download
Published
2016-03-29
Title
Ebook Download < 1.2 - Directory Traversal