Cross-site scripting (XSS) vulnerability in the W3 Total Cache plugin prior to 0.9.4.1 for WordPress, when debug mode is enabled, allows remote malicious users to inject arbitrary web script or HTML via the "Cache key" in the HTML-Comments, as demonstrated by the PATH_INFO to the default URI.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
boldgrid w3 total cache |