W3 Total Cache Vulnerable to XSS – High Risk
W3 Total Cache aka W3TC is a famous caching plugin, created on 2009 by Frederick Townes. W3TC is known by everyone in the WordPress community and it’s a recommended plugin, it’s always in the top 5 caching plugins, always in good posts about performance, and even in books. W3TC and Durability
Few months ago, on Marth 2016, Frederick has to post an explanation on WPTavern saying that his plugin was not abandoned, I personally think that if you need to post this, your plugin is already abandoned. At the moment of this post, the code of the plugin has not been updated since one year, and the support has not been done by the author itself. Only users helping each others, which is cool.
W3TC and Web Security
Like every plugin, an author can encounter some security issues, usually reported respecting a non disclose clause from the security consultant or team. As you browse all the changelogs, you can see how many security issues has been fixed during the last years, which is also cool.
But today W3TC is vulnerable to a XSS flaw, high risk rated. So, what’s next? Who will fix the issue in the repository? You may know (or not) that this plugin exists on github and has been
Source: https://managewp.org/articles/13456/w3-total-cache-vulnerable-to-xss-high-risk
source https://williechiu40.wordpress.com/2016/09/23/w3-total-cache-vulnerable-to-xss-high-risk/