LiteSpeed Cache Plugin Exposes 5 Million WordPress Sites to Privilege Escalation

Feb 28, 2024 | News





A critical security vulnerability has been disclosed in the LiteSpeed Cache plugin for WordPress that could let unauthenticated users escalate their privileges. Tracked as CVE-2023-40000, the vulnerability was addressed in October 2023 with the release of version 5.7.0.1 of the plugin.


According to Patchstack researcher Rafie Muhammad, the vulnerability exposes WordPress sites to unauthenticated site-wide stored cross-site scripting (XSS) attacks. This could potentially allow any unauthorized user to steal sensitive information and escalate their privileges on the affected WordPress site with a single HTTP request.


LiteSpeed Cache, which is used to improve site performance, has over five million installations. The patch was released in October 2023; the latest version of the plugin, 6.1, was rolled out on February 5, 2024.

The vulnerability, as explained by Patchstack, stems from a lack of input sanitization and output escaping in a function named update_cdn_status(). This flaw can be exploited even in a default installation of the plugin.

Muhammad further explains that because the XSS payload is injected as an admin notice, and admin notices can be displayed on any wp-admin endpoint, the flaw can be exploited by any user with access to the wp-admin area.





This disclosure comes just four months after Wordfence uncovered another XSS flaw in the same LiteSpeed Cache plugin (CVE-2023-4372, CVSS score: 6.4). This prior vulnerability, addressed in version 5.7 of the plugin, stemmed from insufficient input sanitization and output escaping on user-supplied attributes.

István Márton from Wordfence emphasized that this flaw allowed authenticated attackers with contributor-level permissions or higher to inject arbitrary web scripts into pages, executing whenever a user accessed the compromised page.
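To check which sites still run a release older than the fixes named above, the following added example (not code from Patchstack, Wordfence or the plugin) reads the plugin header and lists the CVEs that remain unpatched. The plugin path under the WordPress root and the sample header are assumptions; the fixed-in versions are the ones the article states.

```python
import re
import sys
from pathlib import Path

# Fixed-in versions exactly as stated in the article.
FIXED_IN = {"CVE-2023-4372": "5.7", "CVE-2023-40000": "5.7.0.1"}

# Assumption: default plugin directory and main file under a WordPress root.
PLUGIN_MAIN = Path("wp-content/plugins/litespeed-cache/litespeed-cache.php")
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:\s*([0-9]+(?:\.[0-9]+)*)", re.I | re.M)

# Constructed sample of a plugin header comment, for illustration only.
SAMPLE_HEADER = "<?php\n/**\n * Plugin Name: LiteSpeed Cache\n * Version: 5.7\n */\n"


def parse_version(text, width=4):
    """Turn '5.7' into (5, 7, 0, 0) so it compares below (5, 7, 0, 1)."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (width - len(parts)))


def header_version(php_source):
    """Extract the Version field from the plugin header comment, or None."""
    match = VERSION_RE.search(php_source)
    return match.group(1) if match else None


def open_cves(version):
    """CVEs from FIXED_IN that the given installed version still lacks a fix for."""
    installed = parse_version(version)
    return sorted(c for c, fixed in FIXED_IN.items() if installed < parse_version(fixed))


def audit(wp_root):
    """Report installed version and unpatched CVEs for one WordPress root."""
    main = Path(wp_root) / PLUGIN_MAIN
    if not main.is_file():
        return {"site": str(wp_root), "installed": False, "version": None, "open": []}
    version = header_version(main.read_text(encoding="utf-8", errors="replace"))
    # An unreadable header is reported as unknown (None), never as patched.
    found = open_cves(version) if version else None
    return {"site": str(wp_root), "installed": True, "version": version, "open": found}


if __name__ == "__main__":
    print(open_cves(header_version(SAMPLE_HEADER)))
    for root in sys.argv[1:]:
        print(audit(root))
```

Pass one or more WordPress root directories as arguments; a result with `"open": None` means the plugin is present but its version could not be read and needs a manual check.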


Source: thehackernews.com
