TNC Toolbox Web Performance Plugin Vulnerability

CRITICAL (10.0)

Threat Intelligence

⚠️ CRITICAL GAP - Exploits exist but no detection available
EPSS Score: 0.25% chance of exploitation (percentile: 48%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: GitHub PoC


What is it?

The TNC Toolbox: Web Performance plugin for WordPress is a popular plugin used to enhance web performance. However, it stores sensitive cPanel API credentials in files within the web-accessible wp-content directory without adequate protection, making them vulnerable to exposure and exploitation.

Am I affected?

Specific version info not stated in the advisory.

How to fix

  1. Contact The Network Crew directly for a patched version - there's no public patch link in the advisory.
  2. Immediate mitigations:
     - Restrict network access to your TNC Toolbox: Web Performance instance (firewall it from the public internet)
     - Audit admin account activity for suspicious access patterns
     - Monitor for unauthorized token creation
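
A filesystem check for the exposure described under "What is it?", as an added example that is not from the advisory or the plugin: it walks wp-content and reports files that the web server would serve as raw text and that contain credential-looking content. The keyword list, the 32-character token shape and the set of PHP-executed extensions are assumptions, since the advisory names no files or formats.

```python
"""Added audit sketch: flag files under wp-content that a web server would
serve verbatim and that look like they hold credentials."""
import os
import re
import stat
import sys

# Assumption: extensions the server hands to PHP instead of serving as text.
EXECUTED_EXTS = {".php", ".phtml"}
# Assumption: heuristics for credential-like content; the advisory does not
# give the plugin's file names or storage format.
KEYWORDS = re.compile(rb"(?i)(api[_-]?(key|token)|passw(or)?d|secret|cpanel)")
TOKEN_LIKE = re.compile(rb"\b[A-Z0-9]{32}\b")  # assumed opaque-token shape
MAX_BYTES = 64 * 1024  # credential files are small; only read the head


def audit(wp_content):
    """Return sorted [(relative_path, reasons)] for suspicious files."""
    findings = []
    for root, _dirs, files in os.walk(wp_content):
        for name in files:
            path = os.path.join(root, name)
            if os.path.splitext(name)[1].lower() in EXECUTED_EXTS:
                continue  # executed by PHP, not served as raw text
            try:
                mode = os.stat(path).st_mode
                with open(path, "rb") as fh:
                    head = fh.read(MAX_BYTES)
            except OSError:
                continue  # not readable by the auditing user
            if b"\0" in head:
                continue  # binary file (image, font, archive)
            reasons = []
            if KEYWORDS.search(head):
                reasons.append("credential keyword")
            if TOKEN_LIKE.search(head):
                reasons.append("token-like string")
            if reasons and mode & stat.S_IROTH:
                reasons.append("world-readable")
            if reasons:
                findings.append((os.path.relpath(path, wp_content), reasons))
    return sorted(findings)


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "wp-content"
    for rel, reasons in audit(target):
        print(f"{rel}: {', '.join(reasons)}")
```

Each hit needs manual review: the check is heuristic, and a file it reports is only exposed if the server actually serves that path without an access rule in front of it.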