PT-2025-1728 · WordPress · W3 Total Cache

Villu Orav (+1) · Published 2025-01-14 · Updated 2025-01-16

CVE-2024-12008
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: W3 Total Cache plugin for WordPress, versions 2.8.1 and earlier

Description: The plugin's debug log file is publicly accessible, so an unauthenticated attacker can read its contents, which are potentially sensitive. The log may contain nonce values that can be used in further CSRF attacks. Note that the debug feature must be enabled for this to be a concern, and it is disabled by default.

Recommendations: For versions 2.8.1 and earlier, as a temporary workaround, disable the debug feature until a patch is available, and restrict access to the debug log file to minimize the risk of exploitation. Avoid running the W3 Total Cache plugin with the debug feature enabled until the issue is resolved.
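One way to apply the "restrict access to the debug log file" workaround on an Apache-hosted WordPress site, as an added example that is not part of the advisory or the plugin. It assumes the debug log is written under the site's document root with a ".log" extension; confirm the actual file location in the plugin's debug settings before relying on it.

```apacheconf
# Added hardening example (not from the advisory or the plugin).
# Place in the WordPress document root's .htaccess on Apache 2.4+.
# Assumption: the W3 Total Cache debug log lives under the document root
# and ends in ".log"; verify the real path in the plugin's debug settings.

# Refuse direct HTTP requests for any .log file so an exposed debug log
# cannot be downloaded even while the debug feature is still switched on.
<FilesMatch "\.log$">
    Require all denied
</FilesMatch>

# Do not let a directory without an index page list its files, so the
# log's name cannot be discovered by browsing the cache directory.
Options -Indexes
```

After reloading Apache, a request for the log's URL should return 403; if a CDN or reverse proxy caches the site, purge any cached copy of the log as well.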

Fix

Weakness Enumeration: Information Disclosure

Related Identifiers: CVE-2024-12008

Affected Products: W3 Total Cache