CVE-2025-9501 - Geek Feed

Security
Tech News

W3 Total Cache WordPress plugin vulnerable to PHP command injection

November 22, 2025November 22, 2025 geekfeed0Tagged Code Execution, Command Injection, CVE-2025-9501, exploit, Plugin, Proof of Concept, Remote Code Execution, wordpress

A critical flaw in the W3 Total Cache (W3TC) WordPress plugin can be exploited to run PHP commands on the server by posting a comment that contains a malicious payload. The vulnerability, tracked as CVE-2025-9501, affects all versions of the W3TC plugin prior to 2.8.13 and is described as an unauthenticated command injection. W3TC is installed on more than […]

2 mins read