CVE-2024-12008

Published: Jan 14, 2025Modified: Jan 16, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

The W3 Total Cache plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.8.1 through the publicly exposed debug log file. This makes it possible for unauthenticated attackers to view potentially sensitive information in the exposed log file. For example, the log file may contain nonce values that can be used in further CSRF attacks. Note: the debug feature must be enabled for this to be a concern, and it is disabled by default.

Affected (1)

Products: Boldgrid: W3 Total Cache

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Boldgrid W3 Total Cache	Before 2.8.2

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (3)

https://plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.8.0/Util_Debug.php#L29

Source: security@wordfence.com

Patch

https://plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.8.0/Util_Environment.php#L430

Source: security@wordfence.com

Patch

https://www.wordfence.com/threat-intel/vulnerabilities/id/8292f23c-fb17-4082-9788-f643d1bb097e?source=cve

Source: security@wordfence.com

Third Party Advisory

Timeline

No history available yet.