WordPress Plugin Vulnerabilities

W3 Total Cache - Remote Code Execution

Description

The W3 Total Cache WordPress plugin was affected by a Remote Code Execution security vulnerability.

Affects Plugins

Plugin icon
w3-total-cache
Fixed in 0.9.2.9

References

CVE
CVE-2013-2010
Exploitdb
25137
URL
exploit/unix/webapp/wp_total_cache_exec
URL
https://blog.sucuri.net/2013/04/update-wp-super-cache-and-w3tc-immediately-remote-code-execution-vulnerability-disclosed.html

Classification

Type
RCE
OWASP top 10
A1: Injection
CWE
CWE-94
CVSS
9.8 (critical)

Miscellaneous

Verified
Yes
WPVDB ID
96254d53-ae58-443d-8acc-b67a05d2ad75

Timeline

Publicly Published
2014-08-01 (about 11 years ago)
Added
2014-08-01 (about 11 years ago)
Last Updated
2026-04-13 (about 1 month ago)

Other

Published
Title
Published
2022-05-18
Title
The School Management < 9.9.7 - Unauthenticated RCE via REST api
Published
2022-02-08
Title
PHP Everywhere < 3.0.0 - Contributor+ RCE via Gutenberg Block
Published
2007-03-02
Title
WordPress 2.1.1 - RCE Backdoor
Published
2024-03-12
Title
Anti-Malware Security and Brute-Force Firewall < 4.23.56 - Unauthenticated Remote Code Execution
Published
2024-12-09
Title
Active Products Tables for WooCommerce. Use constructor to create tables < 1.0.6.6 - Unauthenticated Arbitrary Shortcode Execution via woot_get_smth