CVE-2021-24436

Name of the Vulnerable Software and Affected Versions W3 Total Cache WordPress plugin versions prior to 2.1.4

Description The issue is related to a reflected Cross-Site Scripting (XSS) security vulnerability. This vulnerability is located within the extension parameter in the Extensions dashboard. The parameter's output is not properly escaped, which could allow an attacker to run malicious JavaScript within a user's web browser if they can convince an authenticated admin to click a link. This could potentially lead to full site compromise.

Recommendations For versions prior to 2.1.4, update to version 2.1.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the Extensions dashboard to minimize the risk of exploitation. Avoid using the extension parameter in the affected dashboard until the issue is resolved.