W3 total cache

This hub aggregates every CVE we track for W3 total cache, a product in the web cms plugins space. Use it to gauge the current risk picture and drill into individual advisories.

Web & CMS Plugins

CVEs tracked

Critical

High

In CISA KEV

Severity distribution

MEDIUM8HIGH6CRITICAL3LOW1

Monthly trend

2024-072026-06

Latest CVEs

See all →

The 15 most recently published vulnerabilities affecting W3 total cache.

CVE-2026-39595WordPress W3 Total Cache plugin <= 2.9.1 - Broken Access Control vulnerability4.7Jun 17, 2026
CVE-2026-5032W3 Total Cache <= 2.9.3 - Unauthenticated Security Token Exposure via User-Agent Header7.5Apr 2, 2026
CVE-2026-27384WordPress W3 Total Cache plugin <= 2.9.1 - Arbitrary Code Execution vulnerability9.0Mar 5, 2026
CVE-2025-9501W3 Total Cache < 2.8.13 - Unauthenticated Command Injection9.0Nov 17, 2025
CVE-2024-12008W3 Total Cache <= 2.8.1 Information Exposure via Log Files5.3Jan 14, 2025
CVE-2024-12365W3 Total Cache <= 2.8.1 - Authenticated (Subscriber+) Missing Authorization to Server-Side Request Forgery8.5Jan 14, 2025
CVE-2024-12006W3 Total Cache <= 2.8.1 Missing Authorization to Unauthenticated Plugin Deactivation and Extensions Activation/Deactivation5.3Jan 14, 2025
CVE-2023-5359W3 Total Cache <= 2.7.5 - Sensitive Credentials Stored in Plaintext3.7Sep 24, 2024
CVE-2021-24452W3 Total Cache < 2.1.5 - Reflected XSS in Extensions Page (JS Context)6.1Jul 19, 2021
CVE-2021-24436W3 Total Cache < 2.1.4 - Reflected XSS in Extensions Page (Attribute Context)6.1Jul 19, 2021
CVE-2021-24427W3 Total Cache < 2.1.3 - Authenticated Stored XSS4.8Jul 12, 2021
CVE-2013-2010WordPress W3 Total Cache Plugin 0.9.2.8 has a Remote PHP Code Execution Vulnerability9.8Feb 12, 2020
CVE-2012-6079W3 Total Cache before 0.9.2.5 exposes sensitive cached database information which allows remote attackers to download this information via their hash keys.7.5Nov 22, 2019
CVE-2012-6078W3 Total Cache before 0.9.2.5 generates hash keys insecurely which allows remote attackers to predict the values of the hashes.7.5Nov 22, 2019
CVE-2012-6077W3 Total Cache before 0.9.2.5 allows remote attackers to retrieve password hash information due to insecure storage of database cache files.7.5Nov 22, 2019

Product normalization is registry-driven with AI assist and human review. How it works