CVE-2026-27384
Received Received - Intake
Improper Input Validation in W3 Total Cache Enables Unauthorized Access

Publication date: 2026-03-05

Last updated on: 2026-03-09

Assigner: Patchstack

Description
Improper Validation of Specified Quantity in Input vulnerability in BoldGrid W3 Total Cache w3-total-cache allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects W3 Total Cache: from n/a through <= 2.9.1.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-05
Last Modified
2026-03-09
Generated
2026-06-16
AI Q&A
2026-03-05
EPSS Evaluated
2026-06-15
NVD
CVE-2026-27384
EUVD
EUVD-2026-9637
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
boldgrid w3_total_cache to 2.9.1 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1284 The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-27384 is an Arbitrary Code Execution vulnerability in the WordPress W3 Total Cache plugin, affecting versions up to and including 2.9.1.

The vulnerability arises from improper validation of specified quantity in input, allowing an unauthenticated attacker to remotely execute malicious code on a vulnerable site.

It falls under the OWASP Top 10 category A3: Injection.

Impact Analysis

This vulnerability allows an unauthenticated attacker to remotely execute arbitrary malicious code on your WordPress site if you are using the vulnerable W3 Total Cache plugin version.

Such an attack can compromise the integrity, confidentiality, and availability of your website and its data.

Despite the high CVSS score of 9 indicating severe potential impact, the issue is considered low priority by Patchstack due to its low severity impact and the unlikelihood of exploitation.

Compliance Impact

I don't know

Detection Guidance

There is no specific detection method or commands provided for identifying this vulnerability on your network or system.

Mitigation Strategies

Since no official patch is currently available for this vulnerability, users are advised to monitor for updates and apply mitigations as provided by security services like Patchstack.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-27384. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart