Vulnerability Description
pub/sns.php in the W3 Total Cache plugin before 0.9.4 for WordPress allows remote attackers to read arbitrary files via the SubscribeURL field in SubscriptionConfirmation JSON data.
CVSS Score
7.5
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Boldgrid | W3 Total Cache | < 0.9.4 |
References
- http://packetstormsecurity.com/files/160674/WordPress-W3-Total-Cache-0.9.3-File-ExploitThird Party AdvisoryVDB Entry
- https://vinhjaxt.github.io/2019/03/cve-2019-6715ExploitThird Party Advisory
- http://packetstormsecurity.com/files/160674/WordPress-W3-Total-Cache-0.9.3-File-ExploitThird Party AdvisoryVDB Entry
- https://vinhjaxt.github.io/2019/03/cve-2019-6715ExploitThird Party Advisory
FAQ
What is CVE-2019-6715?
CVE-2019-6715 is a vulnerability with a CVSS score of 7.5 (HIGH). pub/sns.php in the W3 Total Cache plugin before 0.9.4 for WordPress allows remote attackers to read arbitrary files via the SubscribeURL field in SubscriptionConfirmation JSON data.
How severe is CVE-2019-6715?
CVE-2019-6715 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-6715?
Check the references section above for vendor advisories and patch information. Affected products include: Boldgrid W3 Total Cache.