CVE-2014-9414
published 2014-12-24

Priority: P4 · 25 · medium · 6.8 (CVSS 2.0)
CVSS 2.0 vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS: 1.36% (68.2th percentile)

The W3 Total Cache plugin before 0.9.4.1 for WordPress does not properly handle empty nonces, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and hijack the authentication of administrators for requests that change the mobile site redirect URI via the mobile_groups[*][redirect] parameter and an empty _wpnonce parameter in the w3tc_mobile page to wp-admin/admin.php.

Affected

1 range

Vendor | Product | Version range | Fixed in
boldgrid | w3_total_cache | <= 0.9.4 |