Description

WordPress plugin W3 Total Cache has a security issue that can occur if using database caching to disk. When database caching to disk with a web server with directory listing or web accessible wp-content/w3tc/dbcache/* directories an attacker can predict the names of cache files and retrieve their contents.

Remediation

Upgrade to W3 Total Cache version 0.9.2.5 or later.

References

WordPress Remote Exploit - W3 Total Cache

W3 Total Cache changelog

Related Vulnerabilities

PostgreSQL Other Vulnerability (CVE-2004-0547)

CubeCart Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2017-2117)

PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2016-1903)

TCExam Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-5751)

PHP Other Vulnerability (CVE-2007-1889)

Severity

High

Classification

CVE-2012-6077 CVE-2012-6078 CVE-2012-6079 CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure Known Vulnerabilities