Product
An unauthenticated directory traversal vulnerability (CVE-2026-9282) in all versions up to 2.9.4 of the W3 Total Cache plugin for WordPress allows attackers to read arbitrary files by manipulating the minify filename when manual minify mode is enabled.