Update Our team has now applied patches to all instances of the W3 Total Cache plugin across our managed systems where the update was possible based on the current WordPress and PHP version requirements. In some environments, the patch could not be applied as the underlying WordPress or PHP versions do not meet the minimum compatibility requirements for the updated plugin, or due to other configuration limitations. These instances will require updates at the application or environment level before the plugin can be upgraded. For cases where the patch could not be applied for the reasons mentioned above, we will be reaching out to the affected clients directly with additional details and recommended next steps.
Recommended Action Clients with sites running W3 Total Cache version 2.9.1 or earlier are strongly advised to update to the patched version 2.9.2 as soon as possible. Where the plugin update is not currently possible due to WordPress or PHP version constraints, we recommend upgrading WordPress and/or PHP first, and then completing the update to W3 Total Cache version 2.9.2 or later at the earliest opportunity.
If you require assistance with upgrading your environment or applying the update, please contact our support team, who will be happy to assist. We will continue to monitor this matter and will provide further updates here should any additional actions be required.
Posted Mar 09, 2026 - 05:17 EDT
Identified
Our team is currently applying patches to instances of outdated W3 Total Cache plugins identified across our managed systems where the update is viable based on the WordPress and PHP version requirements.
Recommended Action
We strongly encourage all clients to update any sites running W3 Total Cache version 2.9.1 or earlier to the patched version 2.9.2 immediately.
For environments where the current WordPress or PHP version does not meet the plugin's update requirements, we strongly recommend upgrading WordPress and/or PHP first from your end, and then updating the W3 Total Cache plugin to version 2.9.2 or later at the earliest opportunity.
We will continue to update this space as we make further progress. If you have any questions or require assistance with the update, please do not hesitate to contact our Support Team.
Posted Mar 09, 2026 - 01:37 EDT
Investigating
We have been made aware of a critical vulnerability, CVE-2026-27384, affecting versions equal to or less than 2.9.1, of the WordPress W3 Total Cache plugin.
Recommended Action We strongly encourage all clients to update any sites running versions 2.9.1 or older to the patched version 2.9.2 immediately.
Current Status Exploit Availability: There are currently no known public Proof of Concept (PoC) exploits for this vulnerability.
Our team is assessing the impact on our managed sites and evaluating the deployment of necessary patches across our managed systems.
We will provide further updates as they become available. If you have any questions or require assistance with the update, please reach out to our support team.
Posted Mar 06, 2026 - 13:23 EST
This incident affects: Platform Operations (Platform Updates / Other).