CVE-2023-5359

CVSS V2 None CVSS V3 None

Description

The W3 Total Cache plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.7.5 via Google OAuth API secrets stored in plaintext in the publicly visible plugin source. This can allow unauthenticated attackers to impersonate W3 Total Cache and gain access to user account information in successful conditions. This would not impact the WordPress users site in any way.

Overview

CVE ID
CVE-2023-5359

Assigner
Wordfence

Vulnerability Status
PUBLISHED

Published Version
2024-09-24T07:30:45.348Z

Last Modified Date
2024-09-24T13:37:04.524Z

Weakness Enumerations

CWE	URL
CWE-200	http://cwe.mitre.org/data/definitions/200.html

References

Reference URL	Reference Tags
https://www.wordfence.com/threat-intel/vulnerabilities/id/2d89a534-978e-4fd8-be3a-5137bdc22dc9?source=cve
https://plugins.trac.wordpress.org/browser/w3-total-cache/trunk/PageSpeed_Api.php#L39
https://plugins.trac.wordpress.org/changeset/3156426/w3-total-cache/tags/2.7.6/PageSpeed_Api.php

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-5359
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5359

History

Created	Old Value	New Value	Data Type	Notes
2024-10-06 10:30:45				Added to TrackCVE