W3 Total Cache < 0.9.7.3 - Cryptographic Signature Bypass



Description
The return value of `openssl_verify` is not properly validated, which allows to bypass the cryptographic check.

Affects Plugin

fixed in version 0.9.7.4

References

URL https://plugins.trac.wordpress.org/changeset/2081515/w3-total-cache#file21

Classification

Type BYPASS

Miscellaneous

Original Researcher Thomas Chauchefoin
Views 5564
Verified No
WPVDB ID 9271

Timeline

Publicly Published 2019-05-06 (2 months ago)
Added 2019-05-06 (2 months ago)
Last Updated 2019-05-07 (2 months ago)