WordPress Plugin W3 Total Cache - 'admin.php' Cross-Site Request Forgery

EDB-ID:

39304

CVE:

N/A




Platform:

PHP

Date:

2014-09-08


Become a Certified Penetration Tester

Enroll in Penetration Testing with Kali Linux and pass the exam to become an Offensive Security Certified Professional (OSCP). All new content for 2020.

GET CERTIFIED

source: https://www.securityfocus.com/bid/69745/info

W3 Total Cache plugin for WordPress is prone to a cross-site request-forgery vulnerability.

An attacker can exploit the cross-site request forgery issue to perform unauthorized actions in the context of a logged-in user of the affected application. This may aid in other attacks.

W3 Total Cache 0.9.4 is vulnerable; other versions may also be affected. 

http://www.example.com/wordpress/wp-admin/admin.php?page=w3tc_general&w3tc_note=enabled_edge