XSS threat in the LiteSpeed Cache plugin on WordPress: millions of sites at risk.
A study published by Patchstack has found an XSS vulnerability in the LiteSpeed Cache plugin for WordPress, tracked as CVE-2023-40000. It is a stored XSS flaw: an attacker can persist script content in the site's data without authenticating. This means an attacker could use it to steal sensitive information or escalate privileges on a WordPress site with a single HTTP request. The free version of the LiteSpeed Cache plugin is a popular caching plugin for WordPress with over 4 million active installations.
The flaw lies in the 'update_cdn_status' function, which processes user-supplied input without adequate sanitization and escaping.
The vulnerability was fixed in version 5.7.0.1, released in October 2023. The developers also added a permission check to the update_cdn_status function, restricting it to privileged users only. Users are advised to update the plugin to the latest version.
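To illustrate the two defects the report describes (a handler reachable without a permission check, and a stored value that reaches the page unescaped), here is an added, hypothetical WordPress AJAX handler beside a hardened version. This is example code, not LiteSpeed Cache's own; the hook names, option name and function names are assumptions.

```php
<?php
// Hypothetical example, not LiteSpeed Cache's code: hook name, option name
// and function names are assumptions used only to illustrate the pattern.

// BEFORE: a status handler that trusts its input and is exposed to
// unauthenticated callers via the nopriv AJAX hook.
add_action( 'wp_ajax_nopriv_example_update_cdn_status', 'example_update_cdn_status_vulnerable' );
function example_update_cdn_status_vulnerable() {
    // Raw request data is stored as-is: markup or script in the value
    // is persisted and becomes stored XSS when rendered later.
    update_option( 'example_cdn_status', $_POST['status'] ?? '' );
    wp_send_json_success();
}
function example_render_cdn_status_vulnerable() {
    // Output without escaping: whatever was stored runs in the viewer's browser.
    echo '<p>CDN status: ' . get_option( 'example_cdn_status', '' ) . '</p>';
}

// AFTER: privileged-only, nonce-protected, sanitized on input and
// escaped on output. Authentication alone (wp_ajax_ without nopriv) is
// not enough; a capability check is still required.
add_action( 'wp_ajax_example_update_cdn_status', 'example_update_cdn_status_hardened' );
function example_update_cdn_status_hardened() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 ); // calls wp_die() internally
    }
    check_ajax_referer( 'example_cdn_status_nonce', 'nonce' );
    // Sanitize on input: strips tags and control characters.
    $status = sanitize_text_field( wp_unslash( $_POST['status'] ?? '' ) );
    // Allow-list the values the feature actually uses (assumed set).
    $allowed = array( 'enabled', 'disabled', 'pending' );
    if ( ! in_array( $status, $allowed, true ) ) {
        wp_send_json_error( 'invalid status', 400 );
    }
    update_option( 'example_cdn_status', $status );
    wp_send_json_success( array( 'status' => $status ) );
}
function example_render_cdn_status_hardened() {
    // Escape on output regardless of how the value was stored.
    echo '<p>CDN status: ' . esc_html( get_option( 'example_cdn_status', '' ) ) . '</p>';
}
```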