Information disclosure race condition in W3 Total Cache WordPress Plugin


Description   This issue allows an attacker to hijack sensitive information, such as the administrator's session cookie. Exploiting the vulnerability is possible during a short period of time when an administrator submits the support form.
     
Default
configuration 		 
Profiles High Medium Low Internet
Action Block Block Block Block
Alarm Level Major Minor Minor Minor
     
References   URL: https://sumofpwn.nl/advisory/2016/information_disclosure_race_condition_in_w3_total_cache_wordpress_plugin.html
     
Available since   ASQ v5.0.0
     
Protects   WordPress Third-Party Modules Multiple Vulnerabilities
100 last CVE   CVE-2016-6565


 
 
 
 
 Risk level 
High