CVE-2026-9282
W3 Total Cache <= 2.9.4 - Unauthenticated Arbitrary File Read via 'f_array[]' Parameter
CVSS Score
7.5
EPSS Score
0.7%
EPSS Percentile
48th
The W3 Total Cache plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.9.4 via the setupSources function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information. Exploitation requires enabling manual minify mode and supplying a manual-format minify filename so that the hash is empty and the f_array[] entries are not overwritten before reaching setupSources().
| CWE | CWE-22 |
| Vendor | boldgrid |
| Product | w3 total cache |
| Published | Jul 11, 2026 |
| Last Updated | Jul 14, 2026 |
Stay Ahead of the Next One
Get instant alerts for boldgrid w3 total cache
Be the first to know when new high vulnerabilities affecting boldgrid w3 total cache are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
boldgrid / W3 Total Cache
0 โค 2.9.4
References
wordfence.com: https://www.wordfence.com/threat-intel/vulnerabilities/id/e92cc06d-006f-4bba-a4ef-b23d80c00085?source=cve plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.9.4/lib/Minify/Minify/Controller/MinApp.php#L163 plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.9.4/lib/Minify/Minify/Controller/MinApp.php#L109 plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.9.4/Minify_MinifiedFileRequestHandler.php#L191 plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/w3-total-cache/tags/2.9.4/Minify_Plugin.php#L132 plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/changeset?reponame=&old=3585227%40w3-total-cache&new=3585227%40w3-total-cache
Credits
snr