A dangerous persistent XSS vulnerability affects the popular WP-Super-Cache plugin. Using a carefully crafted query, an attacker could insert malicious scripts to the plugins cached file listing page. This page requires a valid nonce in order to be displayed, so a successful exploitation would require the site’s administrator to have a look at that particular section, manually. The issue lies in the way the plugin would display information stored in cache file’s key, which is used by the plugin to decide what cache file must be loaded. The vulnerability is fixed in version 1.4.4.”]
Source: https://blog.sucuri.net/2015/04/security-advisory-persistent-xss-in-wp-super-cache.html