0.9.4.1 version vulnerable to XSS

here the fix https://github.com/szepeviktor/fix-w3tc/pull/81

W3TC needs to push the fix to the plugin in the repo so it will flag in the dashboards of the million+ people who use it.

Is this plugin dead?

Last update was 6 months ago, no stated support for WP 4.6.

Last blog post on his site was a year ago.

Security vulnerability revealed on 21.9.2016 and no word of an update.

Please fix this, lots of sites are depending on it.

• This reply was modified 8 years, 6 months ago by Eric Karkovack.

I’ve been told the free version of Wordfence blocks this vulnerability.
Discussion on issue at FB group Advanced WordPress.

@jason Lasky is it confirm that WordFence Free version can block the issue?

Anyway about w3 Total Cache seems to be abandon by the author. He only pop up whenever he want.

• This reply was modified 8 years, 6 months ago by wvpalarao.

I don’t think those fix could be officially merged this easy. There are actually many reported bugs in the present version available at .org. I am not sure how Core Team is going to handle it. Here I wrote a step-by-step guide that will update and fix the plugin, and will add those fix and new feature from github repo.