W3 Total Cache <= 0.9.4 - Cross-Site Request Forgery (CSRF)



Description
The plugin does not validate the '_wpnonce' anti-CSRF token. This issue can be used to perform many actions. The most significant action with the biggest impact is the ability to redirect users to malicious websites.

Functionality exists where specific user agent strings can be configured to be redirected to other destinations. By abusing this feature with CSRF it is possible to add a user agent string that will redirect users to a malicious site.

Affects Plugin

fixed in version 0.9.4.1

References

URL http://mazinahmed1.blogspot.com/2014/12/w3-total-caches-w3totalfail.html

Classification

Type CSRF
CWE CWE-352

Miscellaneous

Submitter Mazin Ahmed
Submitter Website http://mazinahmed1.blogspot.com
Submitter Twitter mazen160
Views 5340
Verified No
WPVDB ID 7717

Timeline

Publicly Published 2014-12-12 (over 4 years ago)
Added 2014-12-12 (over 4 years ago)
Last Updated 2015-05-15 (over 4 years ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin