W3 Total Cache <= 0.9.4 - Cross-Site Request Forgery (CSRF)

Sign up to our free email alerts service for instant vulnerability notifications!

Description
The plugin does not validate the '_wpnonce' anti-CSRF token. This issue can be used to perform many actions. The most significant action with the biggest impact is the ability to redirect users to malicious websites.

Functionality exists where specific user agent strings can be configured to be redirected to other destinations. By abusing this feature with CSRF it is possible to add a user agent string that will redirect users to a malicious site.

Affects

Plugin w3-total-cache
fixed in version 0.9.4.1

References

URL http://mazinahmed1.blogspot.com/2014/12/w3-total-caches-w3totalfail.html

Classification

Type CSRF
OWASP Top 10 A8: Cross-Site Request Forgery (CSRF)
CWE CWE-352

Miscellaneous

Submitter Mazin Ahmed
Submitter Website http://mazinahmed1.blogspot.com
Submitter Twitter mazen160
Views 463
Verified No
WPVDB ID 7717

Timeline

Added 2014-12-12 (almost 2 years ago)
Last Updated 2015-05-15 (over 1 year ago)

Copyright & License

Copyright All data and resources contained within this page and this web site is Copyright © The WPScan Team.
License Some of this data may be used for non-commercial purposes, however, any potential commercial usage of this data will require a license. If you would like to inquire about a commercial license please contact us.