CVERadar

CVE-2024-12365

Severity: Critical
Vendor: Boldgrid
SVRS: 80/100
CVSSv3: 8.5/10
EPSS: 0.1365/1

CVE-2024-12365 is a missing-authorization flaw (CWE-862) in the W3 Total Cache plugin for WordPress, affecting versions up to and including 2.8.1. Because of a missing capability check, any authenticated user, down to the Subscriber role, can obtain the plugin's nonce and then invoke actions that should be reserved for administrators. The consequences reported for this flaw are information disclosure, consumption of the plugin's service plan limits, and arbitrary web requests issued from the server (server-side request forgery), which can reach internal services and cloud instance metadata endpoints. The CVSS v3.1 base score is 8.5 (high); SOCRadar's Vulnerability Risk Score (SVRS) of 80 puts it in the critical band and, together with the "In The Wild" tag, makes updating to 2.8.2 or later an immediate priority for any site running this plugin.

Tags: In The Wild
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
Published: 2025-01-14
Last updated: 2025-01-14
SOCRadar AI Insight

Description

CVE-2024-12365 affects the W3 Total Cache plugin for WordPress. The is_w3tc_admin_page function lacks a capability check, so the plugin treats a request as coming from an administrator without verifying the caller's role. Authenticated users with Subscriber-level access or higher can therefore obtain the plugin's nonce value and use it to trigger actions that are meant to be admin-only. The reported consequences are information disclosure, consumption of the plugin's service plan limits, and web requests originating from the web application (server-side request forgery); such requests can query internal services, including instance metadata endpoints on cloud-hosted applications.
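The pattern described above, a nonce check standing in for authorization, is easy to spot mechanically. The following Python script is an added example (not SOCRadar's text and not W3 Total Cache's code): it pairs each wp_ajax_* registration in a PHP source with its callback and reports handlers that verify a nonce but never call current_user_can() or an equivalent. The two PHP snippets embedded in it are constructed for the example; the handler names demo_fetch_url and demo_plan_usage, the nonce name demo_nonce and the capability manage_options are illustrative, not names from the plugin.

```python
"""Flag WordPress admin-ajax handlers that verify a nonce but never a capability.
A nonce only proves the request came from a page that rendered it, not the caller's role."""
from __future__ import annotations
import re
from dataclasses import dataclass

# Constructed PHP for this example, NOT W3 Total Cache's code. First handler: the CWE-862
# shape (nonce verified, role never checked). Second: relies on is_admin(), which is true
# for every admin-ajax.php request, a Subscriber's included.
VULNERABLE_PHP = r"""
add_action( 'wp_ajax_demo_fetch_url', 'demo_fetch_url' );
function demo_fetch_url() {
    check_ajax_referer( 'demo_nonce', '_wpnonce' );          // nonce only
    $response = wp_remote_get( esc_url_raw( wp_unslash( $_POST['url'] ) ) );   // SSRF sink
    wp_send_json_success( wp_remote_retrieve_body( $response ) );
}
add_action( 'wp_ajax_demo_plan_usage', 'demo_plan_usage' );
function demo_plan_usage() {
    if ( ! is_admin() ) { wp_die(); }                        // not an authorization check
    check_ajax_referer( 'demo_nonce', '_wpnonce' );
    wp_send_json_success( get_option( 'demo_plan_usage' ) );
}
"""
# Hardened form: same nonce, plus an explicit capability check before any work is done.
FIXED_PHP = r"""
add_action( 'wp_ajax_demo_fetch_url', 'demo_fetch_url' );
function demo_fetch_url() {
    check_ajax_referer( 'demo_nonce', '_wpnonce' );
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    $response = wp_remote_get( esc_url_raw( wp_unslash( $_POST['url'] ) ) );
    wp_send_json_success( wp_remote_retrieve_body( $response ) );
}
"""

REGISTER_RE = re.compile(
    r"add_action\(\s*['\"]wp_ajax_(?P<nopriv>nopriv_)?(?P<action>\w+)['\"]\s*,"
    r"\s*['\"](?P<cb>\w+)['\"]"
)
CAPABILITY_CALLS = ("current_user_can(", "user_can(", "is_super_admin(")
NONCE_CALLS = ("check_ajax_referer(", "check_admin_referer(", "wp_verify_nonce(")

@dataclass
class Finding:
    action: str
    callback: str
    nonce_checked: bool
    capability_checked: bool
    unauthenticated: bool        # registered as wp_ajax_nopriv_*
    relies_on_is_admin: bool

    @property
    def verdict(self) -> str:
        if self.unauthenticated:
            return "nopriv endpoint: reachable without login, confirm it needs no authorization"
        if self.capability_checked:
            return "ok"
        hint = "; is_admin() is not an authorization check" if self.relies_on_is_admin else ""
        if self.nonce_checked:
            return "CWE-862: nonce verified but no capability check" + hint
        return "CWE-862: neither nonce nor capability check" + hint

def function_body(source: str, name: str) -> str | None:
    """Return the brace-delimited body of `function name(...) { ... }`, or None."""
    header = re.search(r"\bfunction\s+" + re.escape(name) + r"\s*\([^)]*\)\s*\{", source)
    if header is None:
        return None
    depth = 0
    for i in range(header.end() - 1, len(source)):
        if source[i] == "{":
            depth += 1
        elif source[i] == "}":
            depth -= 1
            if depth == 0:
                return source[header.end():i]
    return None  # unbalanced braces

def audit(source: str) -> list[Finding]:
    findings: list[Finding] = []
    for reg in REGISTER_RE.finditer(source):
        body = function_body(source, reg.group("cb"))
        if body is None:         # callback is a method or lives in another file
            continue
        findings.append(Finding(
            action=reg.group("action"),
            callback=reg.group("cb"),
            nonce_checked=any(call in body for call in NONCE_CALLS),
            capability_checked=any(call in body for call in CAPABILITY_CALLS),
            unauthenticated=reg.group("nopriv") is not None,
            relies_on_is_admin=re.search(r"\bis_admin\s*\(", body) is not None,
        ))
    return findings

if __name__ == "__main__":
    for label, php in (("vulnerable", VULNERABLE_PHP), ("fixed", FIXED_PHP)):
        for f in audit(php):
            print(f"[{label}] wp_ajax_{f.action} -> {f.callback}(): {f.verdict}")
```

The script is a triage aid, not a proof: it only follows callbacks defined as plain functions in the same file, it does not see checks that a callback delegates to a helper, and a capability check inside a comment would still count. Its main value is the is_admin() hint: that function reports whether the admin area is loaded, which it is for every admin-ajax.php request, so it is a frequent and wrong substitute for a real capability check.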

The SVRS (SOCRadar Vulnerability Risk Score) shown at the top of this page is 80/100, which SOCRadar classifies as critical. The CVSS v3.1 base score is 8.5 (high). The two scores differ because SVRS also weighs threat actor activity, exploit availability and other intelligence sources, and it is re-scored as that intelligence changes, so it can sit above or below the static CVSS value.

Key Insights

  • Exploitation in the Wild: SOCRadar tags this CVE "In The Wild", meaning exploitation attempts have been observed. Treat unpatched sites as likely targets rather than hypothetical ones.
  • Impact on Sensitive Data: the nonce is the only gate in front of several plugin actions; once a Subscriber-level user has it, whatever those actions return is exposed, which can include information about the website and its users.
  • Unauthorized Web Requests (SSRF): the attacker can make the WordPress server issue HTTP requests on their behalf (server-side request forgery). Targets include internal services that trust the web server's network position and, on cloud hosts, the instance metadata endpoint, which can hand out instance credentials.
  • Impact on Service Plan Limits: the same actions can consume the plan quota of the plugin's Image Service extension (see the Extension_ImageService_Plugin_Admin.php reference below), causing unexpected costs or loss of the service.
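The SSRF exposure in the third bullet is what any server-side fetch of a user-supplied URL has to guard against. The Python helper below is an added example (not part of this page and not W3 Total Cache's code) of the resolve-then-validate check such a fetch should apply: every address the hostname maps to must be public, link-local and metadata addresses are refused, and IPv4-mapped IPv6 answers are judged as the IPv4 address they wrap. The hostnames and the DNS table are constructed so the example runs offline; in production the resolver is socket.getaddrinfo and the client must connect to the address it validated.

```python
"""Resolve-then-validate guard for server-side fetches of user-supplied URLs."""
from __future__ import annotations
import ipaddress
from collections.abc import Callable
from urllib.parse import urlparse

# Constructed DNS table so the example runs offline. In production the resolver is
# socket.getaddrinfo(), and the HTTP client must connect to the address that was
# validated rather than resolve the name a second time: a second lookup that returns
# a different answer is the DNS-rebinding window.
FAKE_DNS: dict[str, list[str]] = {
    "example.com": ["93.184.216.34"],
    "cdn.example.net": ["2606:2800:220:1:248:1893:25c8:1946"],
    "metadata.internal": ["169.254.169.254"],          # cloud instance metadata
    "rebind.attacker.test": ["8.8.8.8", "10.0.0.5"],     # one public, one private answer
    "mapped.attacker.test": ["::ffff:10.0.0.8"],         # IPv4-mapped IPv6 answer
}

def fake_resolve(host: str) -> list[str]:
    return FAKE_DNS.get(host, [])

def is_public(ip: ipaddress.IPv4Address | ipaddress.IPv6Address) -> bool:
    """True only for globally routable unicast addresses."""
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped                  # judge ::ffff:a.b.c.d as a.b.c.d
    return not (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_multicast or ip.is_reserved or ip.is_unspecified)

def validate_outbound_url(url: str, resolve: Callable[[str], list[str]] = fake_resolve,
                          allowed_ports: tuple[int, ...] = (80, 443)) -> tuple[bool, str]:
    """Return (allowed, reason). Refuses anything that could reach an internal host."""
    parsed = urlparse(url)
    if parsed.scheme not in ("http", "https"):
        return False, f"scheme {parsed.scheme!r} not allowed"
    host = parsed.hostname
    if not host:
        return False, "missing host"
    try:
        port = parsed.port                   # raises ValueError on junk such as :abc
    except ValueError:
        return False, "invalid port"
    if port is not None and port not in allowed_ports:
        return False, f"port {port} not allowed"
    try:
        addrs = [ipaddress.ip_address(host)]  # literal IPv4/IPv6 in the URL
    except ValueError:
        # Not a plain literal. Shorthand such as 0x7f000001 or 127.1 is deliberately not
        # decoded here; it goes through the resolver like any name and is judged by the
        # address the resolver actually returns, which is what the socket will use.
        try:
            addrs = [ipaddress.ip_address(a) for a in resolve(host)]
        except ValueError as exc:
            return False, f"resolver returned a non-address: {exc}"
    if not addrs:
        return False, f"{host} does not resolve"
    for addr in addrs:                       # one internal answer is enough to refuse
        if not is_public(addr):
            return False, f"{host} maps to non-public address {addr}"
    return True, "ok"

if __name__ == "__main__":
    for u in ("https://example.com/feed.xml", "http://169.254.169.254/latest/meta-data/",
              "http://rebind.attacker.test/", "http://[::1]/", "file:///etc/passwd"):
        print(u, "->", validate_outbound_url(u))
```

Two things the check alone does not cover. Most HTTP clients follow redirects automatically, so a public host can bounce the request to 169.254.169.254; fetch with redirects disabled and re-run the guard on every Location header before following it. In WordPress specifically, wp_safe_remote_get() sets reject_unsafe_urls and routes the URL through wp_http_validate_url(), while wp_remote_get() does not; handlers that fetch user-supplied URLs should use the safe variant, and because wp_http_validate_url's deny list is aimed at loopback and RFC 1918 ranges, verify for the WordPress version in use whether the link-local 169.254.0.0/16 block is covered before relying on it for the metadata case.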

Mitigation Strategies

  • Update the W3 Total Cache Plugin: upgrade to version 2.8.2 or later, which adds the missing authorization check. Confirm the installed version afterwards (the Version header in w3-total-cache.php or the Plugins screen) rather than assuming an automatic update succeeded.
  • Implement Strong Password Policies: enforce strong passwords for every account on the site. This raises the cost of obtaining an account but does not close the flaw, since any Subscriber-level account is sufficient to exploit it.
  • Enable Two-Factor Authentication: require 2FA for all accounts, including administrators, so that a leaked or guessed password alone does not yield the login the attack needs.
  • Restrict User Permissions and Registration: grant each account only the capabilities it needs, and, because the Subscriber role is the lowest WordPress role and is enough here, disable open registration (Settings > General > "Anyone can register") unless the site depends on it, and review recently created accounts.
  • Limit Server Egress: the SSRF impact depends on what the web server can reach. On cloud hosts, block or harden access to the instance metadata endpoint (169.254.169.254), for example by requiring IMDSv2 on AWS, and restrict outbound connections from the web tier to the internal services it actually needs.


Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

Focus Friday: Third-Party Risks In PostgreSQL and Zimbra Vulnerabilities (Ferdi Gül, 2025-04-01, normshield.com)
This week's Focus Friday blog highlights two critical vulnerabilities impacting enterprise systems: CVE-2025-1094 in PostgreSQL and CVE-2023-34192 in Zimbra Collaboration Suite (ZCS). These vulnerabilities pose significant risks to third-party ecosystems, potentially leading to SQL injection attacks in PostgreSQL and Cross-Site Scripting (XSS) exploits in Zimbra. As organizations continue to rely on […]

FOCUS FRIDAY: TPRM Insights on FortiGate, QNAP, Mongoose, and W3 Total Cache Vulnerabilities with Black Kite's FocusTags™ (Ferdi Gül, 2025-03-01, normshield.com)
In today's interconnected digital landscape, the rapid emergence of critical vulnerabilities demands an agile and informed approach to Third-Party Risk Management (TPRM). This week's Focus Friday blog highlights high-profile incidents involving vulnerabilities in FortiGate firewalls, QNAP NAS systems, Mongoose, and the W3 Total Cache WordPress plugin. Each of these vulnerabilities poses […]

Focus Friday: Addressing Third-Party Risks in PAN-OS, Ivanti Connect Secure, Zimbra, and Cacti Vulnerabilities (Ferdi Gül, 2025-02-14, normshield.com)
In this week's Focus Friday, we examine high-impact vulnerabilities affecting Palo Alto Networks PAN-OS, Ivanti Connect Secure, Zimbra Collaboration, and Cacti, all of which pose significant third-party risk concerns. These vulnerabilities range from remote code execution (RCE) flaws to SQL injection attacks that could lead to data breaches, system takeovers, and […]

🚨 Patch Tuesday – February 2025 Edition (Mike (Action1), 2025-02-11, spiceworks.com)
Patch Tuesday Alert: February 2025. Microsoft has released fixes for 56 vulnerabilities, including two zero-days, while an older zero-day received additional updates. Two more vulnerabilities now have public proof-of-concept exploits. Third-party updates impact: Web browsers, WordPress, Ivanti, Cloudflare, Cisco, Apple, Android, 7-Zip, Cacti, Rsync, and SimpleHelp.

Security Affairs newsletter Round 508 by Pierluigi Paganini – INTERNATIONAL EDITION (Pierluigi Paganini, 2025-01-26, securityaffairs.co)
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Subaru Starlink flaw allowed experts to remotely hack cars. Participants in the Pwn2Own Automotive 2025 earned $886,250 U.S. […]

⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [20 January] (Ajit Jasrotia, 2025-01-20, allhackernews.com)
As the digital world becomes more complicated, the lines between national security and cybersecurity are starting to fade. Recent cyber sanctions and intelligence moves show a reality where malware and fake news are used as tools in global politics. Every cyberattack now seems to have deeper political consequences. Governments are facing new, unpredictable threats that […]

A flaw in the W3 Total Cache plugin exposes hundreds of thousands of WordPress sites to attacks (Pierluigi Paganini, 2025-01-19, securityaffairs.co)
A WordPress W3 Total Cache plugin vulnerability could allow attackers to access information from internal services, including metadata on cloud-based apps. A severe vulnerability, tracked as CVE-2024-12365 (CVSS score of 8.5) in the WordPress W3 Total Cache plugin could expose metadata from internal services and cloud apps. The WordPress W3 Total Cache plugin is a […]

Social Media

  • The vulnerability is tracked as CVE-2024-12365, and when exploited, can expose potentially sensitive data
  • 🚨 Critical Security Alert for WordPress Users! 🚨 A major vulnerability (CVE-2024-12365) has been found in the W3 Total Cache plugin, putting websites at risk of: 🔓 Arbitrary code execution 🔓 Unauthorized data access What to do NOW: 1️⃣ Update immediately to the
  • A severe vulnerability, tracked as CVE-2024-12365 (CVSS score of 8.5) in the WordPress W3 Total Cache plugin could expose metadata from internal services and cloud apps. https://t.co/f1aRTuaDG6 #Wordpress #w3 #cve #vulnerability #cybersecurity #threatresq
  • A severe vulnerability (CVE-2024-12365) in the W3 Total Cache plugin affects 1M+ WordPress sites, putting sensitive data at risk. Website owners are strongly advised to update to the latest version immediately. 📢 Read more 🔎 >> https://t.co/BZPqK6DKIs #CyberSecurity #WordPress https://t.co/i6gsH2TJij
  • #ITSecurity W3 Total Cache, a plugin used to boost website performance and improve search engine optimization, has been found to contain a critical security flaw (CVE-2024-12365) that could allow attackers to gain unauthorized access to sensitive data and even launch attacks on
  • The little Friday news that makes you happy ^^' 🚨 1M+ WordPress sites exposed! The popular W3 Total Cache extension is vulnerable (CVE-2024-12365, CVSS 8.5). A vuln that allows SSRF attacks, information disclosure and abuse of the cache service. 🔍 Update!
  • 🚨🚨CVE-2024-12365 (CVSS: 8.5): W3 Total Cache <= 2.8.1 - Authenticated (Subscriber+) Missing Authorization to Server-Side Request Forgery ⚠️ This flaw could allow attackers to gain unauthorized access to sensitive data and even launch attacks on internal systems. ZoomEye https://t.co/33JZAFKR0i
  • A critical flaw in the W3 Total Cache plugin exposes over 1 million WordPress sites to attacks, risking unauthorized access to sensitive info. CVE-2024-12365 still threatens unpatched sites. ⚠️ #WordPress #Vulnerability #USA #CybersecurityNews link: https://t.co/a2XNCJWdTs https://t.co/0PvsOiccvj
  • [CVE-2024-12365: HIGH] WordPress plugin W3 Total Cache versions up to 2.8.1 have a vulnerability allowing unauthorized data access. Attackers with Subscriber-level access can exploit this issue. #cybersecurity, #vulnerability https://t.co/uiY9sSf24H https://t.co/F2UoZulJTF

Affected Software

Configuration 1: Type App, Vendor Boldgrid, Product w3_total_cache

References

All entries are attributed to the same source address, which the page extraction obfuscated as [email protected]. The trac links point at the 2.8.0 tag of the plugin's source; the last entry is the Wordfence advisory.

  • https://plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.8.0/Extension_ImageService_Plugin_Admin.php#L200
  • https://plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.8.0/Extensions_Plugin_Admin.php#L246
  • https://plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.8.0/Extensions_Plugin_Admin.php#L55
  • https://plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.8.0/Generic_Plugin_Admin.php#L385
  • https://plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.8.0/Generic_Plugin_Admin.php#L516
  • https://plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.8.0/Generic_Plugin_Admin.php#L55
  • https://plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.8.0/Root_Loader.php#L269
  • https://plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.8.0/UsageStatistics_Plugin_Admin.php#L10
  • https://plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.8.0/UsageStatistics_Plugin_Admin.php#L94
  • https://plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.8.0/Util_Admin.php#L822
  • https://plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.8.0/inc/options/common/footer.php#L49
  • https://plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.8.0/inc/options/common/top_nav_bar.php#L217
  • https://plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.8.0/w3-total-cache.php#L71
  • https://www.wordfence.com/threat-intel/vulnerabilities/id/196e629f-7c77-4bcb-8224-305a0108b630?source=cve

CWE Details

CWE-862, Missing Authorization: The software does not perform an authorization check when an actor attempts to access a resource or perform an action.
