Over a million WordPress sites exposed to attacks due to a flaw in the W3 Total Cache plugin


  • A vulnerability has been discovered in the W3 Total Cache WordPress plugin that could expose data and more
  • It affects all versions up to and including 2.8.2, which were released in response
  • Hundreds of thousands of WordPress websites are still vulnerable

W3 Total Cache, a popular WordPress plugin for optimizing website performance, reportedly contained a high-severity vulnerability that could allow attackers to access sensitive information, abuse service plan limits, and perform unauthorized actions.

The vulnerability is tracked as CVE-2024-12365 and has a severity score of 8.5/10 (high). It occurs due to a missing capability check in a function and affects all versions up to and including 2.8.1.