Just today, WP Media pointed us to a high-risk XSS vulnerability in W3 Total Cache (W3TC). This is a very popular WordPress plugin with over 1 million active installs. Although it’s a very popular plugin, it hasn’t been updated in over six months. We stopped recommending it a while back in favor of WP Rocket, a W3 Total Cache alternative that skyrocketed in use over the past few months.
We agree with Julio’s statement that when you need to explain to other people that you haven’t abandoned your plugin, due to questions about that, the clock has already struck midnight.
XSS vulnerability

Let’s first explain what’s going on here:
XSS (short for Cross-Site Scripting) is a widespread vulnerability that affects many web applications. The danger behind XSS is that it allows an attacker to inject content into a website and modify how it is displayed, forcing a victim’s browser to execute the code provided by the attacker while loading the page.
Source: Sucuri

That’s definitely not what you want your website to do, right? In this case, we are talking about W3TC being vulnerable to an XSS flaw rated high risk. This one should be fixed ASAP. With nobody maintaining the plugin, that is a huge issue for the millions of sites that use the plugin.