CVE-2019-6715
First published: Mon Apr 01 2019(Updated: )
pub/sns.php in the W3 Total Cache plugin before 0.9.4 for WordPress allows remote attackers to read arbitrary files via the SubscribeURL field in SubscriptionConfirmation JSON data.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Boldgrid W3 Total Cache | <0.9.4 | |
| <0.9.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this issue?
The vulnerability ID of this issue is CVE-2019-6715.
What is the affected software?
The affected software is the W3 Total Cache plugin before version 0.9.4 for WordPress by Boldgrid.
How can remote attackers exploit this vulnerability?
Remote attackers can exploit this vulnerability by reading arbitrary files via the SubscribeURL field in SubscriptionConfirmation JSON data in the pub/sns.php file.
What is the severity level of this vulnerability?
The severity level of this vulnerability is high, with a CVSS score of 7.5.
Where can I find more information about this vulnerability?
You can find more information about this vulnerability at the following references: [http://packetstormsecurity.com/files/160674/WordPress-W3-Total-Cache-0.9.3-File-Read-Directory-Traversal.html](http://packetstormsecurity.com/files/160674/WordPress-W3-Total-Cache-0.9.3-File-Read-Directory-Traversal.html), [https://vinhjaxt.github.io/2019/03/cve-2019-6715](https://vinhjaxt.github.io/2019/03/cve-2019-6715).
- collector/nvd-index
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/first-publish-date
- agent/description
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/author
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- agent/event
- vendor/boldgrid
- canonical/boldgrid w3 total cache