Title: Vulnerability reported on Patchstack Last modified: March 11, 2026 --- # Vulnerability reported on Patchstack * Resolved [Joanna](https://wordpress.org/support/users/joannacraig/) * (@joannacraig) * [1 month, 2 weeks ago](https://wordpress.org/support/topic/vulnerability-reported-on-patchstack/) * Patchstack has located a vulnerabiilty in versions below and including 2.9.1. * When will a fix be issued please? Viewing 5 replies - 1 through 5 (of 5 total) * Plugin Contributor [Marko Vasiljevic](https://wordpress.org/support/users/vmarko/) * (@vmarko) * [1 month, 2 weeks ago](https://wordpress.org/support/topic/vulnerability-reported-on-patchstack/#post-18833766) * Hello, * Thank you for reaching out and thank you for taking the time to report this. * We’ve checked this and confirmed. This security issue has a low severity impact, hwoever we are aware of this and working on a fix that will be released as soon as possible. Thank you again for reporting this, and this will be patched soon! * Thanks! * [368durham](https://wordpress.org/support/users/368durham/) * (@368durham) * [1 month, 1 week ago](https://wordpress.org/support/topic/vulnerability-reported-on-patchstack/#post-18843232) * From what I gather the listed update addresses two security vulnerabilities * Fix: Patch broken access control for Image Service AJAX operations Fix: Patch mfunc security vulnerabilityOne of these security vulnerabilities is a lower threat and was what the thread is about. It is rated as a low severity by Patchstack. * The other vulnerability is new and has not been fully disclosed. It has a VERY high rating of 9.8 and is recommended to update your website immediately or if not possible, disable the plugin. [https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/w3-total-cache/w3-total-cache-291-unauthenticated-arbitrary-code-execution](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/w3-total-cache/w3-total-cache-291-unauthenticated-arbitrary-code-execution) Currently it has not been confirmed if 2.9.2 solves this issue above as we wait for WordFence & Patchstack to update the database. * Plugin Contributor [Marko Vasiljevic](https://wordpress.org/support/users/vmarko/) * (@vmarko) * [1 month, 1 week ago](https://wordpress.org/support/topic/vulnerability-reported-on-patchstack/#post-18843235) * Hello [@gmariani405](https://wordpress.org/support/users/gmariani405/) [@dharma23](https://wordpress.org/support/users/dharma23/) * Thank you for reaching out and I am sorry about the issues you have had with posting the comments. I would like to assure you that only the Forum moderators or staff have the authority to remove or edit posts. No plugin contributors or moderators are allowed or have any ability to do this![@jdembowski](https://wordpress.org/support/users/jdembowski/) Can you please share any insights on this? * The vulnerability report issue was fixed in the latest 2.9.2 patch, so please make sure to update the plugin to the latest release and let me know if you are still experiencing reports for vunerability * [@beee](https://wordpress.org/support/users/beee/) I am sorry about the issue you experienced after the update. I’ve updated the plugin in all of our instances and have not experienced any crashes. Possibly some files did not update correctly. Can you pelase let me know if you can try again or update the plugin manually? Can you please clarify the issue and share the website URL so I can check this for you? * Thanks! * Moderator [Support Moderator](https://wordpress.org/support/users/moderator/) * (@moderator) * [1 month ago](https://wordpress.org/support/topic/vulnerability-reported-on-patchstack/#post-18847992) * If you are not the original person reporting their problem then please do not add “I have this problem too”. Those many replies have been removed. * To keep things organized and make sure you get the best support, we ask that each person open their own topic rather than adding to someone else’s. * The forum guidelines explain why here: * [https://wordpress.org/support/forum-user-guide/faq/#i-have-the-same-problem-can-i-just-reply-to-someone-elses-post-with-me-too](https://wordpress.org/support/forum-user-guide/faq/#i-have-the-same-problem-can-i-just-reply-to-someone-elses-post-with-me-too) * You can subscribe to a topic in the sidebar via the “Subscribe” link. * If you need support then please start your own topic. If this continues then this topic will be closed. * Moderator [Support Moderator](https://wordpress.org/support/users/moderator/) * (@moderator) * [1 month ago](https://wordpress.org/support/topic/vulnerability-reported-on-patchstack/#post-18847993) * > **The vulnerability report issue was fixed in the latest 2.9.2 patch**, so > please make sure to update the plugin to the latest release and let me know > if you are still experiencing reports for vunerability * Then this topic is closed. Viewing 5 replies - 1 through 5 (of 5 total) The topic ‘Vulnerability reported on Patchstack’ is closed to new replies. * ![](https://ps.w.org/w3-total-cache/assets/icon-256x256.png?rev=1041806) * [W3 Total Cache](https://wordpress.org/plugins/w3-total-cache/) * [Frequently Asked Questions](https://wordpress.org/plugins/w3-total-cache/#faq) * [Support Threads](https://wordpress.org/support/plugin/w3-total-cache/) * [Active Topics](https://wordpress.org/support/plugin/w3-total-cache/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/w3-total-cache/unresolved/) * [Reviews](https://wordpress.org/support/plugin/w3-total-cache/reviews/) * 9 replies * 7 participants * Last reply from: [Support Moderator](https://wordpress.org/support/users/moderator/) * Last activity: [1 month ago](https://wordpress.org/support/topic/vulnerability-reported-on-patchstack/#post-18847993) * Status: resolved