WordPress Plugin Vulnerabilities

W3 Total Cache <= 0.9.4 - Unauthenticated Server Side Request Forgery (SSRF)

Description

The W3 Total Cache WordPress plugin was affected by an Unauthenticated Server Side Request Forgery (SSRF) security vulnerability.

Affects Plugins

Plugin icon
w3-total-cache
Fixed in 0.9.5

References

URL
https://klikki.fi/adv/w3_total_cache.html

Classification

Type
SSRF
OWASP top 10
A1: Injection
CWE
CWE-918

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
8835ac84-9176-44f6-9218-7022debf0eab

Timeline

Publicly Published
2016-10-31 (about 9 years ago)
Added
2016-11-01 (about 9 years ago)
Last Updated
2026-04-13 (about 1 month ago)

Other

Published
Title
Published
2024-06-18
Title
WordPress Picture / Portfolio / Media Gallery <= 3.0.1 - Unauthenticated Server-Side Request Forgery
Published
2025-10-23
Title
Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers < 2.1.5 - Unauthenticated Server-Side Request Forgery
Published
2024-07-29
Title
Edubin <= 9.2.0 - Unauthenticated Server-Side Request Forgery
Published
2026-01-27
Title
AI Engine < 3.3.3 - Authenticated (Subscriber+) Server-Side Request Forgery
Published
2024-07-02
Title
CoBlocks < 3.1.12 - Contributor+ SSRF