CVE-2026-27384

CRITICAL 9.0

WordPress W3 Total Cache plugin <= 2.9.1 - Arbitrary Code Execution vulnerability

CVSS Score

9.0

EPSS Score

0.0%

EPSS Percentile

0th

Improper Validation of Specified Quantity in Input vulnerability in BoldGrid W3 Total Cache w3-total-cache allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects W3 Total Cache: from n/a through <= 2.9.1.

CWE	CWE-1284
Vendor	boldgrid
Product	w3 total cache
Published	Mar 5, 2026
Last Updated	Apr 1, 2026

Stay Ahead of the Next One

Get instant alerts for boldgrid w3 total cache

Be the first to know when new critical vulnerabilities affecting boldgrid w3 total cache are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

BoldGrid / W3 Total Cache

0 ≤ 2.9.1

References

NVD ↗ CVE.org ↗ EPSS Data ↗

patchstack.com: https://patchstack.com/database/Wordpress/Plugin/w3-total-cache/vulnerability/wordpress-w3-total-cache-plugin-2-9-1-arbitrary-code-execution-vulnerability?_s_id=cve

Credits

CODE WHITE GmbH | Patchstack Bug Bounty Program