CVE-2019-6715

HIGH NUCLEI

W3 Total Cache <0.9.4 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2019-6715. PoCs published by random-robbie, spyata123. A Nuclei detection template is also available.

Description

pub/sns.php in the W3 Total Cache plugin before 0.9.4 for WordPress allows remote attackers to read arbitrary files via the SubscribeURL field in SubscriptionConfirmation JSON data.

Exploits (2)

nomisec WORKING POC 11 stars
by random-robbie · poc
https://github.com/random-robbie/cve-2019-6715

This repository contains a Go-based scanner for CVE-2019-6715, an arbitrary file read vulnerability in the W3 Total Cache WordPress plugin. The exploit sends a crafted JSON payload to the vulnerable endpoint to confirm susceptibility.

Classification: Working PoC (95%)
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: W3 Total Cache WordPress plugin versions 0.9.2.6 to 0.9.3
No auth needed
Prerequisites: Target must have W3 Total Cache plugin version 0.9.2.6 to 0.9.3 installed · Vulnerable endpoint must be accessible
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC
by spyata123 · poc
https://github.com/spyata123/W3TotalChache

This repository contains a Python script that tests for CVE-2019-6715 (arbitrary file read) and CVE-2024-12365 (SSRF/info disclosure) in W3 Total Cache. It exploits a directory traversal vulnerability via a crafted JSON payload to read arbitrary files.

Classification: Working PoC (95%)
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: W3 Total Cache <= 2.8.1
No auth needed
Prerequisites: Target running W3 Total Cache with vulnerable version · Access to the plugin's endpoint
devstral-2 · analyzed Feb 16, 2026

Nuclei Templates (1)

W3 Total Cache 0.9.2.6-0.9.3 - Unauthenticated File Read / Directory Traversal
HIGH · by randomrobbie

References (2)

Core References
Exploit, Third Party Advisory x_refsource_misc
https://vinhjaxt.github.io/2019/03/cve-2019-6715

Scores

CVSS v3: 7.5
EPSS: 0.1940
EPSS Percentile: 97.0%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

Status: published
Products (1): boldgrid/w3_total_cache < 0.9.4
Published: Apr 01, 2019
Tracked Since: Feb 18, 2026