CVE-2023-5359
published 2024-09-25CVE-2023-5359: The W3 Total Cache plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.7.5 via Google OAuth API secrets…
PriorityP346high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
EPSS
0.80%
52.0th percentile
The W3 Total Cache plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.7.5 via Google OAuth API secrets stored in plaintext in the publicly visible plugin source. This can allow unauthenticated attackers to impersonate W3 Total Cache and gain access to user account information in successful conditions. This would not impact the WordPress users site in any way.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| boldgrid | w3_total_cache | < 2.7.6 | 2.7.6 |
| boldgrid | w3_total_cache | <= 2.7.5 | — |
| msrc | microsoft_edge | — | — |
| msrc | microsoft_edge_extended_stable | — | — |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
vendor_msrc8.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-8w9v-r586-45j6: The W3 Total Cache plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2
ghsa_unreviewed·2024-09-25
CVE-2023-5359 [LOW] CWE-200 GHSA-8w9v-r586-45j6: The W3 Total Cache plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2
The W3 Total Cache plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.7.5 via Google OAuth API secrets stored in plaintext in the publicly visible plugin source. This can allow unauthenticated attackers to impersonate W3 Total Cache and gain access to user account information in successful conditions. This would not impact the WordPress users site in any way.
Microsoft
Chromium: CVE-2023-0471 Use after free in WebTransport
vendor_msrc·2023-01-10·CVSS 8.8
CVE-2023-0471 [HIGH] Chromium: CVE-2023-0471 Use after free in WebTransport
Chromium: CVE-2023-0471 Use after free in WebTransport
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: What is the version information for this release?
Microsoft Edge Channel
Microsoft Edge Version
Based on Chromium Version
Date Released
Stable
109.0.1343.27
109.0.5414.119/.120
1/26/2023
Extended Stable
108.0.1293.81
108.0.5359.215
1/26/2023
Microsoft Edge (Chromium-based): Microsoft Edge (Chromium-based)
Chrome: Chrome
Customer Action Required: Yes
Exploit Status: DOS:N/A
Remediation: Release Notes
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2024-09-25
Published