A critical vulnerability has been discovered in the popular W3 Total Cache plugin for WordPress, potentially exposing millions of websites to unauthorized access and exploitation. The flaw, identified as CVE-2024-12365, affects all plugin versions up to and including 2.8.1. The vulnerability allows authenticated attackers with Subscriber-level permissions or higher to exploit a missing authorization check in the plugin’s `is_w3tc_admin_page` function.
Security researchers from Wordfence disclosed that the flaw could enable attackers to obtain the plugin’s nonce value, which is used to authenticate requests. Once the nonce is compromised, attackers can access sensitive data, perform unauthorized actions, and even launch server-side request forgery (SSRF) attacks. These actions could lead to information disclosure, overconsumption of service plan limits, and unauthorized access to internal services or cloud-based instance metadata.
The W3 Total Cache plugin is widely adopted for optimizing WordPress websites by improving load times and caching content. Given its popularity, this vulnerability poses a significant risk to a vast number of sites, including those hosted on cloud services where sensitive configuration details could be exposed.
To mitigate the risk, website administrators are urged to update the plugin immediately. The developers of W3 Total Cache have released version 2.8.2, which addresses the flaw. Additionally, administrators should review user roles and limit Subscriber-level permissions to only those accounts that are absolutely necessary. Auditing accounts to remove unused or unnecessary users is also recommended.
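The three mitigation steps above (confirm the installed version, tighten who holds Subscriber-level access, audit accounts) can be turned into a repeatable check. The script below is an added example written for this article; it is not code from the advisory or from the W3 Total Cache project. It assumes WP-CLI (`wp`) is installed and is run from the WordPress root, uses the plugin slug `w3-total-cache`, and treats 2.8.2, the fixed release named above, as the cutoff: anything below it is flagged. The version comparison is done in awk so the functions can be unit-tested on a machine without WordPress.

```shell
#!/bin/sh
# Added example, not from the advisory or the W3 Total Cache project:
# audit one WordPress install for CVE-2024-12365 exposure with WP-CLI.
# Assumes `wp` is on PATH and the script runs from the WordPress root.
set -eu

PLUGIN_SLUG="w3-total-cache"   # assumed plugin slug
FIXED_VERSION="2.8.2"          # fixed release named in the advisory

# Return 0 when dotted version $1 is strictly lower than $2, comparing numeric
# fields left to right; missing fields count as 0 (2.8 < 2.8.2, 2.10.0 > 2.8.2).
version_lt() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    n = split(a, x, "."); m = split(b, y, ".")
    len = (n > m) ? n : m
    for (i = 1; i <= len; i++) {
      p = (i <= n) ? x[i] + 0 : 0
      q = (i <= m) ? y[i] + 0 : 0
      if (p < q) exit 0
      if (p > q) exit 1
    }
    exit 1
  }'
}

# Return 0 when the installed version is affected: every release up to and
# including 2.8.1, i.e. anything below the 2.8.2 fix.
is_vulnerable_version() {
  version_lt "$1" "$FIXED_VERSION"
}

# Step 1: is the installed plugin still on an affected release?
audit_plugin_version() {
  installed="$(wp plugin get "$PLUGIN_SLUG" --field=version 2>/dev/null || true)"
  if [ -z "$installed" ]; then
    echo "[info] $PLUGIN_SLUG is not installed"
    return 0
  fi
  if is_vulnerable_version "$installed"; then
    echo "[FAIL] $PLUGIN_SLUG $installed is affected; run: wp plugin update $PLUGIN_SLUG"
    return 1
  fi
  echo "[ok] $PLUGIN_SLUG $installed is at or above $FIXED_VERSION"
}

# Steps 2 and 3: the flaw is reachable by any logged-in account, so review who
# can log in at all. Open self-registration hands out Subscriber accounts freely.
audit_accounts() {
  if [ "$(wp option get users_can_register)" = "1" ]; then
    echo "[warn] open registration is on (default role: $(wp option get default_role))"
    echo "       consider: wp option update users_can_register 0"
  fi
  echo "[info] subscriber accounts to review (remove or demote the ones not needed):"
  wp user list --role=subscriber --fields=ID,user_login,user_email,user_registered
}

# Run the audit only when WP-CLI is present, so the functions above can also be
# sourced and tested where WordPress is not installed.
if command -v wp >/dev/null 2>&1; then
  audit_plugin_version || status=1
  audit_accounts
  exit "${status:-0}"
fi
```

Run it from a cron job or a deployment pipeline; the non-zero exit from `audit_plugin_version` makes a still-affected install fail the check, while the account listing is informational and left for a human to act on.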
Website owners and administrators are strongly encouraged to act promptly to secure their platforms.