How To Fix W3 Total Cache High-risk XSS Vulnerability
If you are one of the Million+ users of W3 Total Cache, the most famous WordPress Free Caching plugin, your day probably started bad reading the High-risk Vulnerability report in the wild. And this plugin is unofficially abandoned, so millions of website left in the dark. There are some alternative, but if somehow you don’t want to, or can’t update, here I will share you a fixed version, which not only will fix the vulnerability but will deliver even better performance as well. This is a very sad situation when a popular plugin, with millions of download and even had premium version and support, are abandoned. And even after Vulnerability this big, the developer is nowhere to be found.
There is a free plugin like WP Super Cache and several others, but there are many reasons why W3 Total Cache got this popularity. There is also the newest Premium Only player WP Rocket in the field. But if for some reason (there could be several actually) W3 Total Cache is still the best option for you, you are in a kind of deep issue.
As there is no official update, what do you do? Hacked could try this opportunity any time. Many are thinking to remove W3TC entirely, but that will cause a
Source: https://managewp.org/articles/13462/how-to-fix-w3-total-cache-high-risk-xss-vulnerability
source https://williechiu40.wordpress.com/2016/09/24/how-to-fix-w3-total-cache-high-risk-xss-vulnerability/