Vulnerable W3 Total Cache plugin version in use on nextcloud.com
This issue took 3 days and 4 hours to triage and 21 days and 2 hours to resolve once triaged.
Discovered by francescocar on Nextcloud
I noticed you are currently using a vulnerable version of W3 Total Cache, as the changelog containing the plugin version is publicly reachable: https://nextcloud.com/wp-content/plugins/w3-total-cache/changelog.txt
W3 Total Cache makes the site vulnerable to a series of attacks, including XSS, CSRF and SSRF.
Update the plugin to the latest version (or manually patch the vulnerabilities).
On a separate note, I saw this domain is not eligible for bounty :) But I wanted to bring this to your attention all the same, WordPress being a common target.
Furthermore, this specific vulnerability could lead to a full website defacement: https://blog.mazinahmed.net/2014/12/w3-total-caches-w3totalfail.html
Best Regards, Francesco
Since the vulnerabilities are easy to detect with an external scan, hackers could take advantage of them and use the website to run various malicious activities.
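The report rests on the plugin's changelog.txt being readable from outside. As an added example (not part of the original report or of any Nextcloud tooling), the sketch below lets a site owner check web server access logs for requests to such version files, showing which plugins served them and which clients requested them for several plugins. It assumes Combined Log Format; the log lines, IP addresses and the two `example-*` plugin names are constructed, and including readme.txt alongside changelog.txt is an assumption.

```python
import re
from collections import defaultdict

# Version-bearing plugin files: changelog.txt (named in the report) and
# readme.txt (assumption: also shipped by WordPress plugins).
PROBE = re.compile(r"^/wp-content/plugins/([^/]+)/(?:changelog|readme)\.txt$", re.I)
# Combined Log Format: ip ident user [time] "METHOD target proto" status size ...
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD) (\S+) [^"]*" (\d{3}) ')

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2000:10:00:01 +0000] "GET /wp-content/plugins/w3-total-cache/changelog.txt HTTP/1.1" 200 51234 "-" "scanner"
203.0.113.7 - - [01/Jan/2000:10:00:02 +0000] "GET /wp-content/plugins/example-forms/readme.txt HTTP/1.1" 200 4321 "-" "scanner"
203.0.113.7 - - [01/Jan/2000:10:00:03 +0000] "GET /wp-content/plugins/example-gallery/changelog.txt?x=1 HTTP/1.1" 404 210 "-" "scanner"
198.51.100.20 - - [01/Jan/2000:10:05:00 +0000] "GET /wp-content/plugins/w3-total-cache/pub/css/style.css HTTP/1.1" 200 900 "-" "Mozilla/5.0"
198.51.100.20 - - [01/Jan/2000:10:05:01 +0000] "GET /blog/changelog.txt HTTP/1.1" 404 210 "-" "Mozilla/5.0"
"""

def find_version_probes(log_text):
    """Return {client_ip: {plugin: set of HTTP statuses}} for version-file requests."""
    hits = defaultdict(lambda: defaultdict(set))
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not a GET/HEAD line in the expected format
        ip, target, status = m.groups()
        path = target.split("?", 1)[0]  # ignore any query string
        p = PROBE.match(path)
        if p:
            hits[ip][p.group(1).lower()].add(int(status))
    return {ip: dict(plugins) for ip, plugins in hits.items()}

def exposed_plugins(hits):
    """Plugins whose version file was actually served (status 200) to some client."""
    return sorted({name for plugins in hits.values()
                   for name, codes in plugins.items() if 200 in codes})

def scanners(hits, min_plugins=2):
    """Clients that requested version files of several plugins: likely enumeration."""
    return sorted(ip for ip, plugins in hits.items() if len(plugins) >= min_plugins)

if __name__ == "__main__":
    found = find_version_probes(SAMPLE_LOG)
    print("version files served for:", exposed_plugins(found))
    print("clients enumerating plugins:", scanners(found))
```

A plugin listed by `exposed_plugins` is one whose version an outside party could read, so it is the first candidate to check against the update advice in the report.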