CVE-2024-12008

MEDIUM NUCLEI

W3 Total Cache <= 2.8.1 - Unauthenticated Sensitive Information Exposure via Debug Log File

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-12008. PoCs published by spyata123. A Nuclei detection template is also available.

AI-analyzed exploit summary The repository contains only a minimal README with a CVE title and no technical details, exploit code, or analysis. It appears to be a placeholder without substantive content.

Description

The W3 Total Cache plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.8.1 through the publicly exposed debug log file. This makes it possible for unauthenticated attackers to view potentially sensitive information in the exposed log file. For example, the log file may contain nonce values that can be used in further CSRF attacks. Note: the debug feature must be enabled for this to be a concern, and it is disabled by default.

Exploits (1)

nomisec STUB

by spyata123 · poc

https://github.com/spyata123/CVE-2024-12008-information-exposure-vulnerability-in-W3-Total-Cache

View Code ZIP pw:eip

The repository contains only a minimal README with a CVE title and no technical details, exploit code, or analysis. It appears to be a placeholder without substantive content.

Classification

Stub 90%

Attack Type

Info Leak

Complexity

Theoretical

Reliability

Theoretical

Target: W3 Total Cache (version unspecified)

No auth needed

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Nuclei Templates (1)

W3 Total Cache < 2.8.2 - Log File Exposure

MEDIUMVERIFIEDby ritikchaddha

Shodan: http.component:"WordPress" http.component:"W3 Total Cache"

FOFA: app="WordPress-W3-Total-Cache"

References (3)

Core 3

Core References

Patch

https://plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.8.0/Util_Debug.php#L29

Patch

https://plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.8.0/Util_Environment.php#L430

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/8292f23c-fb17-4082-9788-f643d1bb097e?source=cve

Scores

CVSS v3 5.3

EPSS 0.0203

EPSS Percentile 78.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-200

Status published

Products (2)

boldgrid/W3 Total Cache < 2.8.1

boldgrid/w3_total_cache < 2.8.2

Published Jan 14, 2025

Tracked Since Feb 18, 2026