Intel/AIKIDO-2025-10824
W3 Total Cache
AIKIDO-2025-10824
W3 Total Cache is vulnerable to Command Injection
Command InjectionCVE-2025-9501 Published Nov 19, 2025
90
Critical Risk
This Affects:
W3 Total Cache0.0.1 - 2.8.12
Fixed in 2.8.13Are you affected? Scan for Free
TL;DR
Affected versions of the W3 Total Cache plugin are vulnerable to command injection in the _parse_dynamic_mfunc function, allowing unauthenticated users to execute arbitrary PHP code by submitting a comment containing a crafted malicious payload on a post.
Who does this affect?
You are affected if you are using a version that falls within the vulnerable range.
Background info
W3 Total Cache is vulnerable to Command Injection in versions 0.0.1 - 2.8.12.
How to fix this
Upgrade the W3 Total Cache library to the patch version.
Are You Affected?
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.
Resources
Industries
Use Cases
Compare
© 2026 Aikido Security BV | BE0792914919
Keizer Karelstraat 15, 9000, Ghent, Belgium
95 Third St, 2nd Fl, San Francisco, CA 94103, US
Unit 6.15 Runway East 18 18 Crucifix Ln, London SE1 3JW UK
Ghent, Belgium | San Francisco, US
SOC 2Compliant
ISO 27001Compliant