WordPress Plugin Vulnerabilities

W3 Total Cache <= 0.9.4 - Cross-Site Request Forgery (CSRF)

Description

The plugin does not validate the '_wpnonce' anti-CSRF token. This issue can be used to perform many actions. The most significant action with the biggest impact is the ability to redirect users to malicious websites.

Functionality exists where specific user agent strings can be configured to be redirected to other destinations. By abusing this feature with CSRF it is possible to add a user agent string that will redirect users to a malicious site.

Affects Plugins

Plugin icon
w3-total-cache
Fixed in 0.9.4.1

References

CVE
CVE-2014-9414
URL
https://mazinahmed.net/blog/w3-total-fail/

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352

Miscellaneous

Submitter
Mazin Ahmed
Submitter website
https://mazinahmed.net/blog/
Submitter twitter
mazen160
Verified
No
WPVDB ID
d460073f-cfc4-4ac7-b008-5462e6f0b7bf

Timeline

Publicly Published
2014-12-12 (about 11 years ago)
Added
2014-12-12 (about 11 years ago)
Last Updated
2026-04-13 (about 1 month ago)

Other

Published
Title
Published
2026-02-02
Title
ThirstyAffiliates < 3.11.10 - Cross-Site Request Forgery
Published
2014-08-01
Title
Conditional CAPTCHA 3.6 - wp-conditional-captcha.php Settings Page CSRF
Published
2024-08-29
Title
Tourfic < 2.11.21 - Cross-Site Request Forgery in Multiple Functions
Published
2022-06-16
Title
Shortcut Macros <= 1.3 - Subscriber+ Arbitrary Settings Update
Published
2024-02-20
Title
Database Reset < 3.23 - Cross-Site Request Forgery to WP Reset Plugin Installation