TechRadar

WordPress plugin with over a million installs may have a worrying security flaw - here's what we know

W3 Total Cache plugin flaw CVE-2025-9501 enables unauthenticated PHP command injection Affects all versions before 2.8.13; ~327,000+ sites remain at risk WPScan PoC exploit set for Nov 24, raising ...