Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.0
CVE-2026-57623: W3 Total Cache Plugin on WordPress Can Run Malicious Code
CVE-2026-57623
CVE-2026-57623
Summary
An outdated version of the W3 Total Cache plugin on WordPress websites can allow hackers to execute malicious code. This is a serious issue because it could lead to unauthorized access to sensitive data or even take control of the website. Update the plugin to the latest version to fix this vulnerability.
What to do
- Update boldgrid w3 total cache to version 2.10.0.
Affected software
| Ecosystem | Vendor | Product | Affected versions |
|---|---|---|---|
| wordpress | boldgrid | w3 total cache |
<= 2.9.4 Fix: upgrade to 2.10.0
|
Original title
WordPress W3 Total Cache plugin <= 2.9.4 - Arbitrary Code Execution vulnerability
Original description
Unauthenticated Arbitrary Code Execution in W3 Total Cache <= 2.9.4 versions.
patchstack CVSS3.1
9.0
Vulnerability type
CWE-1284
Published: 2 Jul 2026 · Updated: 2 Jul 2026 · First seen: 2 Jul 2026