ThreatPress

WordPress Vulnerabilities Database

WordPress W3 Total Cache plugin <= 0.9.4 - Cross-Site Request Forgery (CSRF) vulnerability

Product
W3 Total Cache
Description
WordPress W3 Total Cache plugin's "admin.php" is prone to a cross-site request forgery vulnerability. It allows an attacker to gain unauthorized access to the affected application by performing certain actions in the context of an authorized user's session.
Solution
Update the WordPress W3 Total Cache plugin to the latest available version (at least 0.9.5).
Classification
Type: Cross Site Request Forgery (CSRF)
OWASP Top 10: A8: Cross Site Request Forgery (CSRF)
References
Exploit-DB
CVE
Name: CVE-2014-9414
Versions
Affected In: <= 0.9.4
Fixed In: 0.9.5
Disclosure date
2014-09-08
Credits
Voxel@Night
Submitter
ThreatPress