Unrated severityNVD Advisory· Published Jan 14, 2025· Updated Apr 8, 2026
W3 Total Cache <= 2.8.1 Missing Authorization to Unauthenticated Plugin Deactivation and Extensions Activation/Deactivation
CVE-2024-12006
Description
The W3 Total Cache plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 2.8.1. This makes it possible for unauthenticated attackers to deactivate the plugin as well as activate and deactivate plugin extensions.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3<=2.8.1+ 1 more
- (no CPE)range: <=2.8.1
- (no CPE)range: 0
Patches
Vulnerability mechanics
References
6- plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.8.0/Extensions_Plugin_Admin.phpmitre
- plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.8.0/Extensions_Plugin_Admin.phpmitre
- plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.8.0/Extensions_Plugin_Admin.phpmitre
- plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.8.0/Extensions_Plugin_Admin.phpmitre
- plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.8.0/Generic_Plugin_Admin.phpmitre
- www.wordfence.com/threat-intel/vulnerabilities/id/329ad5dc-9339-4540-aba3-f21a78a74d4bmitre
News mentions
0No linked articles in our index yet.