Urgent Upcoming w3-total-cache Plugin Update

  • Saturday, 22nd November, 2025
  • 12:00pm

 

We are reaching out to inform you of an important security update for the w3-total-cache plugin.

More information can be found here:
https://portal.thobson.com/knowledgebase/2384/W3-Total-Cache-andlt-2.8.13---Unauthenticated-Command-Injection.html

A critical vulnerability has been disclosed in the W3 Total Cache WordPress plugin affecting versions below 2.8.13. This issue (CVE-2025-9501) is a command injection vulnerability that can be exploited without authentication via the _parse_dynamic_mfunc function by submitting a specially crafted comment, potentially allowing remote code execution on affected sites.
The vulnerability is rated CVSS 9.0 (Critical), and a fixed version is available in W3 Total Cache 2.8.13 and later.
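
To see which installs are still below the fixed release, the following added example (not part of the original notice and not the plugin's own code) reads the Version header of each w3-total-cache.php under a directory and flags anything lower than 2.8.13. The function names, the constructed sample tree, and the default plugin path wp-content/plugins/w3-total-cache/ are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit WordPress installs for W3 Total Cache below the fixed release.
FIXED_VERSION="2.8.13"   # fixed release named in the notice
PLUGIN_MAIN="wp-content/plugins/w3-total-cache/w3-total-cache.php"  # assumed default path

# version_lt A B: succeeds only when dotted version A is strictly lower than B.
# Components are compared numerically, so 2.8.9 < 2.8.13 and 2.10.0 > 2.8.13.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        max = (n > m) ? n : m
        for (i = 1; i <= max; i++) {
            xi = (i <= n) ? x[i] + 0 : 0
            yi = (i <= m) ? y[i] + 0 : 0
            if (xi < yi) exit 0
            if (xi > yi) exit 1
        }
        exit 1
    }'
}

# plugin_version FILE: print the value of the "Version:" plugin header line.
plugin_version() {
    sed -n 's/^[[:space:]*]*Version:[[:space:]]*\([0-9][0-9A-Za-z.-]*\).*/\1/p' "$1" | head -n 1
}

# audit_w3tc ROOT: print one line per install found: STATUS [VERSION] SITE_PATH
audit_w3tc() {
    find "$1" -type f -path "*/$PLUGIN_MAIN" 2>/dev/null |
    while IFS= read -r main_file; do
        site="${main_file%/$PLUGIN_MAIN}"
        ver="$(plugin_version "$main_file")"
        if [ -z "$ver" ]; then echo "UNKNOWN $site"
        elif version_lt "$ver" "$FIXED_VERSION"; then echo "VULNERABLE $ver $site"
        else echo "OK $ver $site"
        fi
    done
}

# Constructed sample tree (not real sites) so the audit can be tried offline.
make_sample_tree() {
    t="$(mktemp -d)"
    for pair in site-a:2.8.12 site-b:2.8.13 site-c:2.10.0; do
        d="$t/${pair%%:*}/wp-content/plugins/w3-total-cache"
        mkdir -p "$d"
        printf '<?php\n/**\n * Plugin Name: W3 Total Cache\n * Version:     %s\n */\n' "${pair#*:}" > "$d/w3-total-cache.php"
    done
    echo "$t"
}

# Usage: sh audit.sh /path/to/sites   (audits that directory)
if [ "$#" -gt 0 ]; then audit_w3tc "$1"; fi
```

An install reported as UNKNOWN has a plugin file whose header could not be parsed and should be checked by hand.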

To ensure the continued security and stability of the plugin, we will be rolling out this update on the sites on this account where the plugin version is 2.8.13 or older. We do not anticipate any downtime during this process.
No action is required from your side at this time. Our team will monitor the update closely to ensure your sites remain fully functional after the update.

We understand that uptime is critical and appreciate your cooperation as we take this proactive measure to protect your systems from potential threats.
If you have any questions, please reply to this case.


Thank you for your understanding and partnership.
