Vulnerabilities

CVE-2025-9501

by Fred · 17/11/2025

The W3 Total Cache WordPress plugin before 2.8.13 is vulnerable to command injection via the _parse_dynamic_mfunc function, allowing unauthenticated users to execute PHP commands by submitting a comment with a malicious payload to a post.

More information : https://wpscan.com/vulnerability/6697a2c9-63ae-42f0-8931-f2e5d67d45ae/

Similar

Tags: Cybersecurity Alert