VDB
CVE-2023-5359
CVE-2023-5359
PUBLISHED
CVSS 3.700000047683716 LOW
The W3 Total Cache plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.7.5 via Google OAuth API secrets stored in plaintext in the publicly visible plugin source. This can allow unauthenticated attackers to impersonate W3 Total Cache and gain access to user account information in successful conditions. This would not impact the WordPress users site in any way.
EPSS 2.44% · 85.5th percentile
Risk Scores
CVSS 3.1
3.700000047683716
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS Score
2.44%
85.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| boldgrid | W3 Total Cache | 0, 0, 0 |
| boldgrid | w3_total_cache | 0, 0, 0 |
Exploit Intelligence
- Targets versions ≤2.7.5 vulnerable to CVE-2023-5359 (github-poc-repo)
- Targets versions ≤2.7.5 vulnerable to CVE-2023-5359 (github-poc-repo)
- Targets versions ≤2.7.5 vulnerable to CVE-2023-5359 (github-poc-repo)
- Targets versions ≤2.7.5 vulnerable to CVE-2023-5359 (github-poc-repo)
- Targets versions ≤2.7.5 vulnerable to CVE-2023-5359 (github-poc-repo)
- Targets versions ≤2.7.5 vulnerable to CVE-2023-5359 (github-poc-repo)
- CVE-2023-5359 - W3 Total Cache Cleartext Storage Vulnerability Scanner. Detect exposed credentials in W3 Total Cache plugin versions ≤ 2.7.5. (github-poc-repo)
- CVE-2023-5359 - W3 Total Cache Cleartext Storage Vulnerability Scanner. Detect exposed credentials in W3 Total Cache plugin versions ≤ 2.7.5. (github-poc-repo)
- CVE-2023-5359 - W3 Total Cache Cleartext Storage Vulnerability Scanner. Detect exposed credentials in W3 Total Cache plugin versions ≤ 2.7.5. (github-poc-repo)
- CVE-2023-5359 - W3 Total Cache Cleartext Storage Vulnerability Scanner. Detect exposed credentials in W3 Total Cache plugin versions ≤ 2.7.5. (github-poc-repo)
…and 20 more exploits
Timeline
- Sep 24, 2024 CVE Published
- Sep 25, 2024 EPSS Score
- Sep 30, 2024 CVE Updated
- Oct 5, 2024 Coalition ESS Score
- Nov 3, 2024 EPSS Score
- Nov 22, 2024 EPSS Score
- Jan 1, 2025 EPSS Score
- Jan 20, 2025 EPSS Score
- Feb 28, 2025 EPSS Score
- Mar 11, 2025 PoC Published
- Mar 13, 2025 PoC Published
- Mar 17, 2025 EPSS Score
References
- https://www.wordfence.com/threat-intel/vulnerabilities/id/2d89a534-978e-4fd8-be3a-5137bdc22dc9?source=cve url
- https://plugins.trac.wordpress.org/browser/w3-total-cache/trunk/PageSpeed_Api.php#L39 url
- https://plugins.trac.wordpress.org/changeset/3156426/w3-total-cache/tags/2.7.6/PageSpeed_Api.php url
- https://nvd.nist.gov/vuln/detail/CVE-2023-5359 advisory