In his report on bleepingcomputer.com, Bill Toulas stated that a serious vulnerability was found in the W3 Total Cache plugin, which is installed on more than one million WordPress sites. The flaw gives attackers access to various information, including metadata on cloud-based applications.
The W3 Total Cache plugin uses several caching techniques to optimize website speed, reduce load times, and improve SEO rankings.
The vulnerability has been tracked as CVE-2024-12365, and although the developers have released a patched version, hundreds of thousands of websites still need to install the patched variant.
Details of the vulnerability:
Wordfence notes that this security issue is caused by a missing capability check in the ‘is_w3tc_admin_page’ function in all versions up to the latest version 2.8.2. This error allows unauthorized actions and access to the plugin’s security nonce value.
An authenticated attacker with at least customer-level access is very likely able to exploit this vulnerability.
The main risks arising from the exploitation of CVE-2024-12365 are:
- Server-Side Request Forgery (SSRF): making web requests that potentially expose sensitive data, including metadata in cloud-based applications to attackers.
- Disclosure of information.
- Service abuse: consuming the cache service limits, leading to site performance issues and increased costs.
The real impact of this vulnerability is that attackers can use the website’s infrastructure to proxy requests to other services and use the collected information to carry out subsequent attacks.
The best step that affected users can take is to upgrade to the latest version of W3 Total Cache.
The download graph on wordpress.org shows that around 150,000 websites have installed the update since the developer released the latest version. Website owners are advised to avoid installing a large number of WordPress plugins and to remove unnecessary ones, because every installed plugin gives attackers another way to exploit the website. In addition, web application firewalls have proven capable of identifying and blocking exploitation attempts.
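Because so many sites have not yet updated, a host running several WordPress installs can be audited for outdated copies of the plugin. The script below is an added example, not code from the article or from the plugin's developers. It assumes the default `wp-content/plugins/w3-total-cache/` layout and that 2.8.2 is the first fixed release, and the function names and sample sites are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Assumption: 2.8.2 (the release the article calls the latest) is the first fixed version.
PATCHED = (2, 8, 2)
PLUGIN_DIR = ("wp-content", "plugins", "w3-total-cache")  # default WordPress layout
# Header pattern modelled on the one WordPress uses for plugin file headers.
HEADER_RE = re.compile(r"^[ \t/*#@]*Version:\s*(\d+(?:\.\d+)*)", re.I | re.M)

def parse_version(text):
    """Return the plugin header version as a tuple of ints, or None."""
    m = HEADER_RE.search(text[:8192])  # plugin headers sit at the top of the file
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def is_vulnerable(version):
    """True when the version sorts before the patched release."""
    padded = version + (0,) * (len(PATCHED) - len(version))
    return padded < PATCHED

def audit(root):
    """Map each WordPress install under root to vulnerable/patched/unknown."""
    results = {}
    for main in Path(root).rglob("w3-total-cache.php"):
        if main.parts[-4:-1] != PLUGIN_DIR:
            continue  # same file name somewhere else, not the plugin itself
        version = parse_version(main.read_text(encoding="utf-8", errors="replace"))
        site = str(main.parents[3].relative_to(root))
        if version is None:
            results[site] = "unknown"  # header missing: review by hand
        else:
            results[site] = "vulnerable" if is_vulnerable(version) else "patched"
    return results

def build_sample_tree(root):
    """Constructed sample input: three fake installs with different headers."""
    samples = {"shop": "Version: 2.8.1", "blog": "Version: 2.8.2", "old": "no header"}
    for site, line in samples.items():
        plugin_dir = Path(root, site, *PLUGIN_DIR)
        plugin_dir.mkdir(parents=True)
        body = f"<?php\n/**\n * Plugin Name: W3 Total Cache\n * {line}\n */\n"
        (plugin_dir / "w3-total-cache.php").write_text(body, encoding="utf-8")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for site, status in sorted(audit(tmp).items()):
            print(f"{site}: {status}")
```

Installs reported as `unknown` have a main plugin file without a readable version header and should be checked by hand.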
Source:
https://www.bleepingcomputer.com/news/security/w3-total-cache-plugin-flaw-exposes-1-million-wordpress-sites-to-attacks/
https://www.cve.org/CVERecord?id=CVE-2024-12365
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/w3-total-cache/w3-total-cache-281-authenticated-subscriber-missing-authorization-to-server-side-request-forgery
https://wordpress.org/plugins/w3-total-cache/advanced/