WordPress Plugin Vulnerabilities

W3 Total Cache 0.9.2.4 - Username & Hash Extract

Description

The W3 Total Cache WordPress plugin was affected by an Username & Hash Extract security vulnerability.

Affects Plugins

Plugin icon
w3-total-cache
Fixed in 0.9.2.5

References

CVE
CVE-2012-6079
CVE
CVE-2012-6078
URL
https://seclists.org/fulldisclosure/2012/Dec/242
URL
https://github.com/FireFart/W3TotalCacheExploit

Miscellaneous

Verified
Yes
WPVDB ID
b71d8f6e-4d35-482e-a8a1-e45b9e1bfbdc

Timeline

Publicly Published
2014-08-01 (about 11 years ago)
Added
2014-08-01 (about 11 years ago)
Last Updated
2026-04-13 (about 1 month ago)

Other

Published
Title
Published
2014-08-01
Title
RokBox <= 2.13 - rokbox.php Direct Request Path Disclosure
Published
2026-01-22
Title
LazyTasks < 1.3.01 - Unauthenticated Privilege Escalation
Published
2023-06-02
Title
Contact Form and Calls To Action by vcita <= 2.7.1 - Settings Update Via CSRF
Published
2024-08-07
Title
Appointment Booking Calendar Plugin and Online Scheduling Plugin – BookingPress 1.1.6 - 1.1.7 - Authentication Bypass to Account Takeover
Published
2018-04-09
Title
Contact Form 7 to Database Extension 2.10.32 - CSV Injection