A severe flaw in the W3 Total Cache plugin installed on more than one million WordPress sites could give attackers access to various information, including metadata on cloud-based apps.

The W3 Total Cache plugin uses multiple caching techniques to optimize a website’s speed, reduce load times, and generally improve its SEO ranking.

The flaw is tracked as CVE-2024–12365 despite the developer releasing a fix in the latest version of the product, hundreds of thousands of websites have still to install the patched variant.