Security Advisory

CVE-2025-9501

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-11-17 06:00:02

Last updated 2025-11-17 19:19:15

Assigner WPScan

State PUBLISHED

Description

The W3 Total Cache WordPress plugin before 2.8.13 is vulnerable to command injection via the _parse_dynamic_mfunc function, allowing unauthenticated users to execute PHP commands by submitting a comment with a malicious payload to a post.

← Browse all CVEs View on cve.org ↗