A flaw in the W3 Total Cache plugin exposes hundreds of thousands of WordPress sites to attacks

Pierluigi Paganini January 19, 2025

A WordPress W3 Total Cache plugin vulnerability could allow attackers to access information from internal services, including metadata on cloud-based apps.

A severe vulnerability, tracked as CVE-2024-12365 (CVSS score of 8.5) in the WordPress W3 Total Cache plugin could expose metadata from internal services and cloud apps.

The WordPress W3 Total Cache plugin is a popular performance optimization tool designed to improve the speed and efficiency of WordPress websites. It is installed on over one million WordPress sites, whose owners use it to enhance user experience, boost SEO rankings, and reduce server load.

The vulnerability allows authenticated attackers with Subscriber-level access to exploit a missing capability check, leading to information disclosure. It affects all plugin versions up to and including 2.8.1.

The issue allows authenticated users (Subscriber-level or higher) to exploit a missing capability check, exposing sensitive data, consuming service limits, and accessing internal services, including cloud app metadata.

“The W3 Total Cache plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the is_w3tc_admin_page function in all versions up to, and including, 2.8.1,” reads the advisory published by WordPress. “This makes it possible for authenticated attackers, with Subscriber-level access and above, to obtain the plugin’s nonce value and perform unauthorized actions, resulting in information disclosure, service plan limits consumption as well as making web requests to arbitrary locations originating from the web application that can be used to query information from internal services, including instance metadata on cloud-based applications.”
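
The defect class the advisory describes, a plugin path whose only gate is “is this the plugin’s admin page?” rather than “does this user hold the required capability?”, is common enough to be worth seeing in code. The following is an added illustration, not W3 Total Cache’s own code: a hypothetical plugin (all `myplugin_` names, the AJAX action and the `myplugin_allowed_hosts` option are assumptions) shown before and after the fix. In the “before” form the nonce is handed to any logged-in user who reaches the gate, so a nonce alone no longer proves administrative intent, and a handler that fetches a caller-supplied URL server-side becomes reachable to low-privilege users.

```php
<?php
/**
 * Added example (not W3 Total Cache's code). Hypothetical plugin showing a
 * missing capability check on the "admin page" gate, and the hardened form.
 */

// ---- Before: the gate identifies the page, not the caller's privileges ----
function myplugin_is_admin_page_before() {
    // True for any logged-in request to the plugin's page or AJAX actions,
    // regardless of role (Subscriber included).
    return is_admin() && isset( $_REQUEST['page'] ) && 'myplugin' === $_REQUEST['page'];
}

function myplugin_enqueue_before() {
    if ( myplugin_is_admin_page_before() ) {
        // The nonce is exposed to every user who passes the gate above.
        wp_localize_script( 'myplugin-admin', 'mypluginData', array(
            'nonce' => wp_create_nonce( 'myplugin_action' ),
        ) );
    }
}

function myplugin_ajax_fetch_before() {
    check_ajax_referer( 'myplugin_action', 'nonce' ); // nonce check only, no authorization
    // Server-side request to a caller-chosen URL: once the nonce is known to a
    // low-privilege user, the web server can be made to reach internal services.
    $resp = wp_remote_get( $_POST['url'] );
    wp_send_json( wp_remote_retrieve_body( $resp ) );
}

// ---- After: capability check on the gate and on every privileged action ----
function myplugin_is_admin_page_after() {
    return current_user_can( 'manage_options' )
        && is_admin()
        && isset( $_REQUEST['page'] ) && 'myplugin' === $_REQUEST['page'];
}

function myplugin_enqueue_after() {
    if ( myplugin_is_admin_page_after() ) {
        wp_localize_script( 'myplugin-admin', 'mypluginData', array(
            'nonce' => wp_create_nonce( 'myplugin_action' ),
        ) );
    }
}

function myplugin_ajax_fetch_after() {
    // A nonce is CSRF protection, not authorization: re-check the capability
    // here instead of trusting that only admins ever saw the nonce.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    check_ajax_referer( 'myplugin_action', 'nonce' );

    // Restrict outbound targets to an operator-configured host allow-list
    // (hypothetical option), and use wp_safe_remote_get(), which rejects
    // loopback and RFC 1918 destinations and follows no redirects here.
    $url     = isset( $_POST['url'] ) ? esc_url_raw( wp_unslash( $_POST['url'] ) ) : '';
    $host    = wp_parse_url( $url, PHP_URL_HOST );
    $allowed = (array) get_option( 'myplugin_allowed_hosts', array() );
    if ( ! $host || ! in_array( $host, $allowed, true ) ) {
        wp_send_json_error( 'url not allowed', 400 );
    }
    $resp = wp_safe_remote_get( $url, array( 'timeout' => 5, 'redirection' => 0 ) );
    if ( is_wp_error( $resp ) ) {
        wp_send_json_error( $resp->get_error_message(), 502 );
    }
    wp_send_json_success( wp_remote_retrieve_body( $resp ) );
}

add_action( 'admin_enqueue_scripts', 'myplugin_enqueue_after' );
add_action( 'wp_ajax_myplugin_fetch', 'myplugin_ajax_fetch_after' );
```

The allow-list, not `wp_safe_remote_get()`, is the primary control on the outbound request: WordPress’s unsafe-URL filtering is aimed at loopback and private ranges and should not be relied on to cover every internal or link-local address on its own. Reviewing a plugin for this class of bug means checking that each privileged handler calls `current_user_can()` itself, rather than inheriting trust from a page-detection helper or from possession of a nonce.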

Despite the availability of the security patch, hundreds of thousands of websites have yet to upgrade to the latest version, 2.8.2.
