WordPress Plugin Vulnerabilities

W3 Total Cache <= 0.9.4 - Debug Mode XSS

Description

If debug mode is enabled an XSS vector exists in the HTML comments.

Affects Plugins

Plugin icon
w3-total-cache
Fixed in 0.9.4.1

References

CVE
CVE-2014-8724

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
3eea73af-e0a1-493c-a268-0cf340cb39a4

Timeline

Publicly Published
2014-12-12 (about 11 years ago)
Added
2014-12-12 (about 11 years ago)
Last Updated
2026-04-13 (about 1 month ago)

Other

Published
Title
Published
2014-08-01
Title
WordPress 3.3.2 Cross-Site Scripting (XSS)
Published
2024-08-08
Title
CoBlocks < 3.1.13 - Editor+ Stored XSS
Published
2024-12-18
Title
Auto iFrame < 2.0 - Contributor+ XSS via Shortcode
Published
2021-09-21
Title
St Daily Tip <= 4.7 - CSRF to Stored Cross-Site Scripting
Published
2025-10-21
Title
Reservation < 1.7 - Reflected Cross-Site Scripting