W3 Total Cache Security Vulnerability Exposes One Million WordPress Sites to RCE
Posted: Sat Nov 22, 2025 7:27 am
A critical security flaw has been discovered in the widely used W3 Total Cache WordPress plugin, putting over 1 million websites at serious risk.
The vulnerability allows attackers to take complete control of affected websites without needing any login credentials.
Field Value
CVE ID CVE-2025-9501
Plugin Name W3 Total Cache
Affected Versions Before 2.8.13
Fixed Version 2.8.13+
Vulnerability Type Unauthenticated Command Injection
CVSS Score 9.0
CVSS Severity Critical
The Vulnerability Explained
https://gbhackers.com/w3-total-cache-se ... erability/
The vulnerability allows attackers to take complete control of affected websites without needing any login credentials.
Field Value
CVE ID CVE-2025-9501
Plugin Name W3 Total Cache
Affected Versions Before 2.8.13
Fixed Version 2.8.13+
Vulnerability Type Unauthenticated Command Injection
CVSS Score 9.0
CVSS Severity Critical
The Vulnerability Explained
https://gbhackers.com/w3-total-cache-se ... erability/