W3 Total Cache < 0.9.7.3 - Cryptographic Signature Bypass



Description
The return value of `openssl_verify` is not properly validated, which allows to bypass the cryptographic check.

Affects Plugin

fixed in version 0.9.7.4

References

URL https://plugins.trac.wordpress.org/changeset/2081515/w3-total-cache#file21

Classification

Type BYPASS

Miscellaneous

Original Researcher Thomas Chauchefoin
Views 2612
Verified No
WPVDB ID 9271

Timeline

Publicly Published 2019-05-06 (14 days ago)
Added 2019-05-06 (13 days ago)
Last Updated 2019-05-07 (13 days ago)

Copyright & License

Copyright All data and resources contained within this page and this web site is Copyright © The WPScan Team.
License Some of this data may be used for non-commercial purposes, however, any potential commercial usage of this data will require a license. If you would like to inquire about a commercial license please contact us.