W3 Total Cache vs REST API: solutions guide

Learn how to resolve problems between W3 Total Cache and the REST API in WordPress. A complete guide with practical solutions and best practices.

https://seguridadenwordpress.com/w3-total-cache-rest-api-problemas-soluciones/

#w3totalcache #wordpressrestapi #cachewordpress #pluginswordpress #soluciónproblemas

W3 Total Cache vs REST API: solutions guide - Seguridad en Wordpress

W3 Total Cache can cause conflicts with the WordPress REST API. Learn about the common problems, why they occur, and how to resolve them to keep your site working properly.

Seguridad en Wordpress
There is currently a nasty #AJAX bug in the #W3TC #Plugin; you should do a #Rollback to 2.9.2 https://wordpress.org/support/plugin/w3-total-cache/ #wordpress #w3totalcache #caching
[W3 Total Cache] Support | WordPress.org

WordPress.org Forums

Critical command injection vulnerability in the WordPress plugin W3 Total Cache

A severe security vulnerability (CVE-2025-9501, CVSS score 9.0) was discovered in the popular WordPress caching plugin W3 Total Cache. It allows remote code execution, meaning attackers can execute arbitrary commands on the server without having to authenticate first.

#wordpress #plugin #w3totalcache #infosec #infosecnews #RemoteCodeExecution

https://beyondmachines.net/event_details/critical-command-injection-flaw-reported-in-w3-total-cache-wordpress-plugin-c-x-1-7-2/gD2P6Ple2L

Critical command injection flaw reported in W3 Total Cache WordPress plugin

A critical unauthenticated command injection vulnerability (CVE-2025-9501) in the W3 Total Cache WordPress plugin allows attackers to achieve remote code execution by submitting malicious PHP code through public comments, affecting all versions prior to 2.8.13.

BeyondMachines

Security researchers reveal a severe flaw in the #W3TotalCache plugin for #WordPress

The vulnerability is tracked as CVE-2024-12365, and when exploited, can expose potentially sensitive data. The plugin is believed to be installed on over 1 million WordPress sites.

Administrators are advised to patch ASAP

#cybersecurity

https://www.bleepingcomputer.com/news/security/w3-total-cache-plugin-flaw-exposes-1-million-wordpress-sites-to-attacks/

W3 Total Cache plugin flaw exposes 1 million WordPress sites to attacks

A severe flaw in the W3 Total Cache plugin installed on more than one million WordPress sites could give attackers access to various information, including metadata on cloud-based apps.

BleepingComputer
WordPress plugin W3 Total Cache: potentially 1 million websites open to attack

If the prerequisites are met, attackers can target websites running the WordPress plugin W3 Total Cache. A security patch is available.

heise online
Yet another #flaw in a #WordPress plugin: 1 million sites exposed to data leaks.
A significant #vulnerability has been discovered in the #W3TotalCache plugin, a module widely used by #WP users to improve the performance of their #websites.
https://www.clubic.com/actualite-550556-encore-une-faille-dans-un-plugin-wordpress-1-million-de-sites-exposes-a-des-fuites-de-donnees.html
Yet another flaw in a WordPress plugin: 1 million sites exposed to data leaks

A new critical flaw in a WordPress plugin? Well, it had almost been a while.

Clubic.com
The results of a deep dive, spending probably way too much time in this, but that's what we do when the stakes are low: #WordPress #ActivityPub and #caching, in particular #W3TotalCache. https://gergely.imreh.net/blog/2023/02/when-wordpress-caching-is-not-what-it-seems/
When WordPress caching is not what it seems - ClickedyClick

Using WordPress blog as a Fediverse node comes with issues when site caching breaks my assumptions.

ClickedyClick
Plot thickens with #WordPress #ActivityPub and #W3TotalCache #W3TC plugins interactions. Seems like W3TC's #nginx config is subtly wrong for me in multiple ways so it didn't actually direct caching (and it was a red herring to modify it, wasting me an hour or two), but W3TC's internal code redirects to the right generated on-disk file after all (so that's why the "caching" seemed to have worked even with emptied nginx config).

@arnandegans so the plugin would need to tell somehow the whole #WordPress instance (or just #W3TotalCache?) not to cache the authors' about page (when it receives a regular query, return the HTML version; if "application/activity+json" type then the plugin takes care of it).

It's an interesting proposition whether that plugin could set up that behaviour. I wonder if it's something down this line: https://wordpress.org/support/topic/disable-caching-for-a-specific-page/ (and thanks for the hint, it seems promising!)

Disable caching for a specific page

[This thread is closed.] Hello and thanks for the wonderful plugin! this might be a dumb question, but I haven’t been able to exclude a page…

WordPress.org Forums
@evantd what sort of settings change would this be? I'm using #nginx and #W3TotalCache adds its own config to it (as a generated file that is imported by the main nginx setup). Looking at it, no headers or accepted file types related logic in there.
Any other hints about what you mean?