A critical security flaw has been discovered in the widely used W3 Total Cache WordPress plugin, putting over 1 million websites at serious risk.
The vulnerability allows attackers to take complete control of affected websites without needing any login credentials.
Field Value
CVE ID CVE-2025-9501
Plugin Name W3 Total Cache
Affected Versions Before 2.8.13
Fixed Version 2.8.13+
Vulnerability Type Unauthenticated Command Injection
CVSS Score 9.0
CVSS Severity Critical
The Vulnerability Explained
https://gbhackers.com/w3-total-cache-se ... erability/