CVE-2023-5359

Name of the Vulnerable Software and Affected Versions W3 Total Cache plugin for WordPress versions up to, and including, 2.7.5

Description The issue allows unauthenticated attackers to expose sensitive information, specifically Google OAuth API secrets stored in plaintext in the plugin source. This can enable attackers to impersonate W3 Total Cache and access user account information under certain conditions. However, this does not impact the WordPress user's site.

Recommendations For versions up to, and including, 2.7.5, update to a version later than 2.7.5 to resolve the issue. As a temporary workaround, consider restricting access to the Google OAuth API secrets until a patch is available.