Secure W3 Total Cache Cross-Site Scripting(XSS) Vulnerability

Today a Cross-Site Scripting(XSS) vulnerability was found on W3 Total Cache which affects current version 0.9.4.1 and all versions before this one.

As it seems W3 Total Cache Developers haven't updated their plugin yet so I suggest to follow the guide below in order to patch your W3TC.

Notice: This XSS Vulnerability can be exploited only when a user is logged in as an admin.

How to Guide Securing W3 Total Cache Cross-Site Scripting(XSS) Vulnerability

  • Create a backup of W3 Total Cache
  • Connect to your site files directory through your File Manager or an FTP Client
  • Edit file found at /wp-content/plugins/w3-total-cache/inc/options/support/form.php
    Replace lines 21-22-23

    <input type="hidden" name="request_type" value="<?php echo $request_type; ?>" />
    <input type="hidden" name="request_id" value="<?php echo $request_id; ?>" />
    <input type="hidden" name="payment" value="<?php echo $payment; ?>" />
    

    with

    <input type="hidden" name="request_type" value="<?php echo htmlspecialchars($request_type, ENT_QUOTES, 'UTF-8'); ?>" />
    <input type="hidden" name="request_id" value="<?php echo htmlspecialchars($request_id, ENT_QUOTES, 'UTF-8'); ?>" />
    <input type="hidden" name="payment" value="<?php echo htmlspecialchars($payment, ENT_QUOTES, 'UTF-8'); ?>" />
    
  • Save and close the file

That should secure your site until W3TC publishes an update which fixes this security issue once and for all.

Source: https://github.com/szepeviktor/fix-w3tc/pull/81

Makis Mourelatos

WordPress Security Engineer at FixMyWP
WC Athens 2016 co-organizer, WP Support and Security Aficionado, Wannabe Kitesurfer.

Leave a Reply

Your email address will not be published. Required fields are marked *