CVE-2023-5359 — Vulnetix

Try Vulnetix Request Demo

CVE-2023-5359 PUBLISHED CVSS 3.700000047683716 LOW

The W3 Total Cache plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.7.5 via Google OAuth API secrets stored in plaintext in the publicly visible plugin source. This can allow unauthenticated attackers to impersonate W3 Total Cache and gain access to user account information in successful conditions. This would not impact the WordPress users site in any way.

EPSS 3.20% · 86.9th percentile

Risk Scores

CVSS v3.1

3.700000047683716

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS Score

3.20%

86.9th percentile

Affected Products

Vendor	Product	Versions
boldgrid	W3 Total Cache	0, 0, 0
boldgrid	w3_total_cache	0, 0, 0

Timeline

Sep 24, 2024 CVE Published
Sep 25, 2024 EPSS Score
Sep 30, 2024 CVE Updated
Oct 5, 2024 Coalition ESS Score
Nov 2, 2024 EPSS Score
Nov 20, 2024 EPSS Score
Dec 29, 2024 EPSS Score
Jan 17, 2025 EPSS Score
Feb 23, 2025 EPSS Score
Mar 11, 2025 PoC Published
Mar 13, 2025 PoC Published
Mar 14, 2025 EPSS Score

References

Open in Interactive Console →