Posted by Fernando A. Lagos Berardi on Sep 21

[+] Description: Cross-Site Scripting vulnerability was found on WordPress
W3 Total Cache (w3tc) plugin.
[+] Plugin Version tested: <= 0.9.4.1 (latest)
[+] WordPress version tested: 4.0.0 – 4.6.1 (latest)

——————————

[+] Component: W3 Total Cache Admin (performance menu) -> Support -> Add
new ticket
[+] Variable: request_id
[+] Method: GET

——————————-

[+] Affected URL:…