N/A
2025-10-27< 2.8.13
W3 Total Cache <= 2.8.12 - Unauthenticated Command Injection
W3 Total Cache
Minimum safe version
2.9.4
Update to 2.9.4 or later to address 49 fixable vulnerabilities
Latest available2.9.4 ✓
N/A
2026-04-01< 2.9.4
W3 Total Cache <= 2.9.3 - Unauthenticated Security Token Exposure via User-Agent Header
Critical 9.0
2026-03-05< 2.9.2
CVE-2026-27384
High 8.5
2025-01-14< 2.8.2
CVE-2024-12365
Medium 5.3
2025-01-14< 2.8.2
CVE-2024-12006
Medium 5.3
2025-01-14< 2.8.2
CVE-2024-12008
High 7.5
2024-09-24< 2.7.6
CVE-2023-5359
N/A
2014-09-08< 0.9.4.1
W3 Total Cache <= 0.9.4 - Cross-Site Request Forgery leading to Stored Cross-Site Scripting
N/A
2016-07-29< 0.9.5
W3 Total Cache <= 0.9.4.1 - Cross-Site Scripting via request_id
N/A
2016-09-26< 0.9.5
W3 Total Cache <= 0.9.4.1 - Arbitrary Code Execution via settings import
N/A
2016-09-26< 0.9.5
W3 Total Cache <= 0.9.4.1 - Authenticated Arbitrary File Download
N/A
2016-09-26< 0.9.5
W3 Total Cache <= 0.9.4.1 - Arbitrary File Upload
N/A
2016-09-26< 0.9.5
W3 Total Cache <= 0.9.4.1 - Security Token Bypass via Type Juggling
N/A
2016-10-31< 0.9.5
W3 Total Cache <= 0.9.4 - Server-Side Request Forgery leading to Host Information Disclosure
N/A
2016-11-10< 0.9.5
W3 Total Cache <= 0.9.4.1 - Weak validation of Amazon SNS push messages
N/A
2019-05-07< 0.9.7.4
W3 Total Cache plugin <= 0.9.7.3 - Reflected Cross-Site Scripting
N/A
2019-05-07< 0.9.7.4
W3 Total Cache <= 0.9.7.3 - Improper Input Validation via openssl_verify
N/A
2019-05-22< 0.9.7.4
W3 Total Cache <= 0.9.7.3 - Server Side Request Forgery
High 7.5
2020-09-22< 0.9.2.5
W3 Total Cache <= 0.9.2.4 - Sensitive Information Exposure
High 7.5
2020-09-22< 0.9.2.5
W3 Total Cache <= 0.9.2.4 - Password Hash Extraction
High 7.7
2022-06-27< 2.2.3
CVE-2022-31090
High 7.5
2020-09-22< 0.9.2.5
W3 Total Cache <= 0.9.2.4 - Insecure Cryptography to Sensitive Information Disclosure
N/A
< 0.9.4.1
W3 Total Cache 0.9.4 - Edge Mode Enabling CSRF
N/A
< 0.9.5
W3 Total Cache <= 0.9.4.1 - Authenticated Reflected Cross-Site Scripting (XSS)
N/A
< 0.9.5
W3 Total Cache <= 0.9.4.1 – Unauthenticated Security Token Bypass
N/A
< 0.9.5
W3 Total Cache <= 0.9.4.1 – Authenticated Arbitrary PHP Code Execution
N/A
< 0.9.5
W3 Total Cache <= 0.9.4.1 – Authenticated Arbitrary File Upload
N/A
< 0.9.5
W3 Total Cache <= 0.9.4.1 – Authenticated Arbitrary File Download
N/A
< 0.9.5
W3 Total Cache <= 0.9.4 - Unauthenticated Server Side Request Forgery (SSRF)
N/A
< 0.9.5
W3 Total Cache <= 0.9.4.1 - Information Disclosure Race Condition
N/A
< 0.9.5
W3 Total Cache <= 0.9.4.1 - Weak Validation of Amazon SNS Push Messages
N/A
< 0.9.7.4
W3 Total Cache <= 0.9.7.3 - Cross-Site Scripting (XSS)
N/A
< 0.9.7.4
W3 Total Cache < 0.9.7.4 - Blind SSRF and RCE via phar
N/A
< 0.9.7.4
W3 Total Cache < 0.9.7.3 - Cryptographic Signature Bypass
N/A
2013-05-01< 0.9.2.9
WordPress W3 Total Cache plugin <= 0.9.2.8 - PHP Code Execution vulnerability
N/A
2015-05-15< 0.9.4.1
WordPress W3 Total Cache Plugin <= 0.9.4 - Cross Site Request Forgery
N/A
2016-09-26< 0.9.5
WordPress W3 Total Cache Plugin <= 0.9.4.1 - Reflected Cross Site Scripting
N/A
2016-09-27< 0.9.5
WordPress W3 Total Cache Plugin <= 0.9.4.1 - Arbitrary PHP Code Execution
N/A
2016-09-27< 0.9.5
WordPress W3 Total Cache Plugin <= 0.9.4.1 - Arbitrary File Download
N/A
2016-09-27< 0.9.5
WordPress W3 Total Cache Plugin <= 0.9.4.1 - Arbitrary File Upload
N/A
2016-09-27< 0.9.5
WordPress W3 Total Cache Plugin <= 0.9.4.1 - Bypass
N/A
2019-05-07< 0.9.7.4
WordPress W3 Total Cache plugin <= 0.9.7.3 - Cross-Site Scripting (XSS) vulnerability
N/A
2014-12-19< 0.9.4.1
CVE-2014-8724
N/A
2014-12-24< 0.9.4.1
CVE-2014-9414
High 7.5
2020-12-22< 0.9.4
W3 Total Cache 0.9.2.6-0.9.3 - File Read / Directory Traversal
Critical 9.8
2020-02-12< 0.9.2.9
CVE-2013-2010
Medium 4.8
2021-07-12< 2.1.3
CVE-2021-24427
Medium 6.1
2021-07-19< 2.1.4
CVE-2021-24436
Medium 6.1
2021-07-19< 2.1.5
CVE-2021-24452