• WordPress Plugin W3 Total Cache is prone to an information disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may lead to further attacks. WordPress Plugin W3 Total Cache version 0.9.2.4 is vulnerable; prior versions are also affected.

• Update to plugin version 0.9.2.5 or latest

• • http://packetstormsecurity.com/files/119077/WordPress-W3-Total-Cache-Data-Disclosure.html
  • http://git.zx2c4.com/w3-total-fail/tree/w3-total-fail.sh
  • https://github.com/FireFart/W3TotalCacheExploit

• 

• CWE-200

• CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

• Missing Update Information Disclosure

• WordPress Plugin Surveys SQL Injection (1.01.8)
• WordPress Plugin Simple History Information Disclosure (2.7.4)
• WordPress Plugin WP Easy Post Types Cross-Site Scripting (1.4.3)
• WordPress Plugin Style It Cross-Site Scripting (1.0)
• Drupal Core 8.x Security Bypass (8.0.0 - 8.1.6)