PT-2026-29688 · WordPress · W3 Total Cache

Wesley · Published 2026-04-02 · Updated 2026-04-05 · CVE-2026-5032

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

W3 Total Cache versions up to and including 2.9.3

Description

The W3 Total Cache plugin for WordPress is susceptible to information disclosure. The plugin bypasses its output buffering and processing when the User-Agent header contains "W3 Total Cache", so the raw mfunc/mclude dynamic fragment HTML comments, including the W3TC_DYNAMIC_SECURITY security token, are rendered in the page source. This allows unauthenticated attackers to discover the value of the W3TC_DYNAMIC_SECURITY constant by sending a crafted User-Agent header to pages with fragment caching enabled.

Recommendations

Update W3 Total Cache to a version later than 2.9.3.
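
A log review based on the description above, as an added example that is not part of the original advisory or the plugin's code: it scans web server access logs (Combined Log Format assumed) for requests whose User-Agent contains the marker string and that did not come from the site's own addresses. The trusted address list, the function names and the sample log lines are assumptions constructed for illustration; the match is case-insensitive so that it over-reports rather than under-reports.

```python
import ipaddress
import re
from collections import defaultdict

# String named in the advisory; compared in lower case against the logged User-Agent.
UA_MARKER = "w3 total cache"

# Combined Log Format: ip ident user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+ '
    r'"(?:[^"\\]|\\.)*" "(?P<ua>(?:[^"\\]|\\.)*)"'
)

# Assumption: addresses the server uses when it requests its own pages; adjust per site.
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "::1/128", "203.0.113.10/32")]

def is_trusted(ip_text):
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # a hostname or junk in the client field is never trusted
    return any(ip in net for net in TRUSTED_NETS)

def find_marker_requests(lines):
    """Return {client_ip: [(time, path, status), ...]} for untrusted clients
    whose User-Agent contains the marker string."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m or UA_MARKER not in m["ua"].lower():
            continue  # unparsable line or ordinary User-Agent
        if is_trusted(m["ip"]):
            continue  # the site talking to itself
        hits[m["ip"]].append((m["time"], m["path"], int(m["status"])))
    return dict(hits)

# Constructed sample log lines (not real traffic).
SAMPLE = [
    '198.51.100.7 - - [03/Apr/2026:10:12:01 +0000] "GET /blog/post-1/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0 W3 Total Cache"',
    '198.51.100.7 - - [03/Apr/2026:10:12:03 +0000] "GET /shop/ HTTP/1.1" 200 7340 "-" "w3 total cache/1.0"',
    '127.0.0.1 - - [03/Apr/2026:10:13:00 +0000] "GET / HTTP/1.1" 200 4100 "-" "W3 Total Cache"',
    '192.0.2.44 - - [03/Apr/2026:10:14:10 +0000] "GET /blog/post-1/ HTTP/1.1" 200 5120 "https://example.com/" "Mozilla/5.0 (X11; Linux x86_64)"',
]

if __name__ == "__main__":
    for ip, reqs in find_marker_requests(SAMPLE).items():
        print(ip, len(reqs), "request(s):", reqs)
```

If a site running an affected version shows hits with a 200 status on pages that use fragment caching, treat the W3TC_DYNAMIC_SECURITY value as disclosed and change it after updating.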

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2026-5032

Affected Products

W3 Total Cache