• WordPress Plugin W3 Total Cache is prone to an information disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may lead to further attacks. WordPress Plugin W3 Total Cache version 0.9.2.4 is vulnerable; prior versions are also affected.

• Update to plugin version 0.9.2.5 or latest

• • http://packetstormsecurity.com/files/119077/WordPress-W3-Total-Cache-Data-Disclosure.html
  • http://git.zx2c4.com/w3-total-fail/tree/w3-total-fail.sh
  • https://github.com/FireFart/W3TotalCacheExploit

• 

• CWE-200

• CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

• Missing Update Information Disclosure

• WordPress Plugin WP Statistics Multiple Unspecified Vulnerabilities (9.6.5)
• WordPress Plugin Geo Mashup Cross-Site Scripting (1.8.2)
• WordPress Plugin FAQs Manager SQL Injection (1.0)
• WordPress Plugin WPPizza Cross-Site Scripting (2.11.8.17)
• WordPress Plugin Seriously Simple Podcasting Cross-Site Scripting (1.9.4)