CVE-2021-24452 |
|
Medium |
Jul 19, 2021 |
The W3 Total Cache WordPress plugin before 2.1.5 was affected by a reflected Cross-Site Scripting (XSS) issue within the "extension" parameter in the Extensions dashboard, when the 'Anonymously track usage to improve product quality' setting is enabled, as the parameter is output in a JavaScript context without proper escaping. This could allow an attacker, who can convince an authenticated admin to click a link, to run malicious JavaScript within the user's web browser, which could lead to full site compromise.
|
0.9.5.1, 0.9.7.4, 0.9.7.2, 0.9.7.3, 0.9.7.1, 0.9.7, 0.9.6, 0.9.5.4, 0.9.5.3, 0.9.5.2
|
CVE-2021-24436 |
|
Medium |
Jul 19, 2021 |
The W3 Total Cache WordPress plugin before 2.1.4 was vulnerable to a reflected Cross-Site Scripting (XSS) security vulnerability within the "extension" parameter in the Extensions dashboard, which is output in an attribute without being escaped first. This could allow an attacker, who can convince an authenticated admin to click a link, to run malicious JavaScript within the user's web browser, which could lead to full site compromise.
|
0.9.5.1, 0.9.7.4, 0.9.7.2, 0.9.7.3, 0.9.7.1, 0.9.7, 0.9.6, 0.9.5.4, 0.9.5.3, 0.9.5.2
|
CVE-2021-24427 |
|
Medium |
Jul 12, 2021 |
The W3 Total Cache WordPress plugin before 2.1.3 did not sanitise or escape some of its CDN settings, allowing high privilege users to use JavaScript in them, which will be output in the page, leading to an authenticated Stored Cross-Site Scripting issue.
|
0.9.5.1, 0.9.7.4, 0.9.7.2, 0.9.7.3, 0.9.7.1, 0.9.7, 0.9.6, 0.9.5.4, 0.9.5.3, 0.9.5.2
|
BDSA-2019-1970 |
|
High |
Jul 03, 2019 |
W3 Total Cache is vulnerable to cross-site scripting (XSS). This could allow a remote attacker to execute arbitrary JavaScript in the target's browser by supplying a specially crafted HTTP request which executes code via the vulnerable parameter.
|
|
BDSA-2019-1969 |
|
High |
Jul 03, 2019 |
W3 Total Cache contains an input validation error. This could be exploited by a remote attacker by supplying a specially crafted invalid certificate. If successful, the cryptographic check will be bypassed.
|
|
BDSA-2019-1962 |
|
High |
Jul 03, 2019 |
W3 Total Cache is vulnerable to server-side request forgery (SSRF). Lack of validation for user supplied input could allow an attacker to send a specially crafted HTTP request to the component. If successful, sensitive data may be exposed. This can also be exploited to send malicious requests from the vulnerable system to other servers.
|
|