Today a Cross-Site Scripting (XSS) vulnerability was found in W3 Total Cache. It affects the current version, 0.9.4.1, and all versions before it.
It seems the W3 Total Cache developers haven't updated their plugin yet, so I suggest following the guide below to patch your W3TC. Replace
<input type="hidden" name="request_type" value="<?php echo $request_type; ?>" />
<input type="hidden" name="request_id" value="<?php echo $request_id; ?>" />
<input type="hidden" name="payment" value="<?php echo $payment; ?>" />
with
<input type="hidden" name="request_type" value="<?php echo htmlspecialchars($request_type, ENT_QUOTES, 'UTF-8'); ?>" />
<input type="hidden" name="request_id" value="<?php echo htmlspecialchars($request_id, ENT_QUOTES, 'UTF-8'); ?>" />
<input type="hidden" name="payment" value="<?php echo htmlspecialchars($payment, ENT_QUOTES, 'UTF-8'); ?>" />
That should secure your site until W3TC publishes an update which fixes this security issue once and for all.
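To check the effect of the patch, the added example below (not from the original post or the plugin's code) renders a hidden field with and without htmlspecialchars() and parses the result to list the elements a browser would see. The helper names and the probe value are constructed for illustration.

```php
<?php
// Added example: helper names and the probe value are constructed, not W3TC code.

// Unpatched pattern from the page: the value is echoed into the attribute as-is.
function hidden_field_raw(string $name, string $value): string {
    return '<input type="hidden" name="' . $name . '" value="' . $value . '" />';
}

// Patched pattern from the page: the value is escaped for an HTML attribute.
// ENT_QUOTES encodes both " and ', so the value cannot close the attribute.
function hidden_field_escaped(string $name, string $value): string {
    return '<input type="hidden" name="' . $name . '" value="'
        . htmlspecialchars($value, ENT_QUOTES, 'UTF-8') . '" />';
}

// Parse the rendered markup the way a browser would and report which
// elements exist inside the form and what the input's value attribute holds.
function inspect_markup(string $html): array {
    $doc = new DOMDocument();
    $doc->loadHTML(
        '<html><body><form>' . $html . '</form></body></html>',
        LIBXML_NOERROR | LIBXML_NOWARNING
    );
    $form = $doc->getElementsByTagName('form')->item(0);
    $elements = [];
    foreach ($form->getElementsByTagName('*') as $el) {
        $elements[] = $el->nodeName;
    }
    $input = $form->getElementsByTagName('input')->item(0);
    return ['elements' => $elements, 'value' => $input->getAttribute('value')];
}

// Constructed probe: closes the attribute and the tag, then adds harmless markup.
$probe = 'x"><b id="probe">injected</b>';

foreach (['raw' => 'hidden_field_raw', 'escaped' => 'hidden_field_escaped'] as $label => $render) {
    $result = inspect_markup($render('request_id', $probe));
    // A safe rendering yields exactly one element (input) whose value equals the probe.
    $safe = $result['elements'] === ['input'] && $result['value'] === $probe;
    printf("%-8s elements=%s safe=%s\n", $label, implode(',', $result['elements']), $safe ? 'yes' : 'no');
}
```

WordPress core's esc_attr() serves the same purpose for attribute values.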
Source: https://github.com/szepeviktor/fix-w3tc/pull/81