Browse all 4 CVE security advisories affecting W3speedster. AI-powered Chinese analysis, POCs, and references for each vulnerability.
W3speedster is a WordPress plugin designed to optimize website performance through caching and minification of CSS, JavaScript, and HTML files. Historically, it has been vulnerable to multiple security issues including cross-site scripting (XSS) and remote code execution (RCE) flaws, often stemming from insufficient input validation and improper file handling. The plugin has accumulated four CVE records, with vulnerabilities allowing attackers to execute arbitrary code, escalate privileges, or inject malicious content. While no major public incidents have been widely documented, its vulnerability history indicates consistent security weaknesses that could compromise affected websites if not promptly patched.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-23765 | WordPress W3SPEEDSTER plugin <= 7.33 - Cross Site Request Forgery (CSRF) vulnerability — W3SPEEDSTERCWE-352 | 4.3 | Medium | 2025-01-16 |
| CVE-2024-52392 | WordPress W3SPEEDSTER plugin <= 7.25 - Cross Site Request Forgery (CSRF) vulnerability — W3SPEEDSTERCWE-352 | 6.3 | Medium | 2024-11-19 |
| CVE-2024-8512 | W3SPEEDSTER <= 7.26 - Authenticated (Administrator+) Remote Code Execution — W3SPEEDSTERCWE-95 | 9.1 | Critical | 2024-10-30 |
| CVE-2024-24708 | WordPress W3SPEEDSTER Plugin <= 7.19 is vulnerable to Cross Site Request Forgery (CSRF) — W3SPEEDSTERCWE-352 | 4.3 | Medium | 2024-02-28 |
This page lists every published CVE security advisory associated with W3speedster. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.