LiteSpeed Cache Plugin XSS Flaw Exposes 4M+ Sites to Attack
A critical vulnerability has been discovered in the LiteSpeed Cache plugin, a popular WordPress plugin installed on over 4 million websites.
The flaw, a stored Cross-Site Scripting (XSS) vulnerability, poses a significant risk to millions of websites, potentially allowing attackers to execute malicious scripts.
Tracked as CVE-2023-40000, the vulnerability affects plugin versions up to 5.6 and was promptly addressed by the LiteSpeed Technologies team with a patch released in version 5.7.0.1.
The XSS flaw arises from the plugin's failure to properly sanitize user input, in particular in its handling of the update_cdn_status function, Rafie Muhammad of Patchstack said.
This function, which updates the Auto CDN Setup process, did not adequately validate the input it received from users, making it possible for unsanitized content to be stored and later executed.
The vulnerability is further compounded by insufficient access control on one of the plugin's REST API endpoints, which potentially allows unauthenticated users to exploit the flaw.
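The two root causes described above, missing access control on a REST route and a setting stored without validation, are a general WordPress pattern. The following is an added illustration written for this article, not LiteSpeed Cache's own code; the route name, option name and callback names are hypothetical. It shows the weak shape beside a hardened one that restricts the route to administrators, allow-lists the stored value, and escapes it at render time.

```php
<?php
// Illustrative example (not the LiteSpeed Cache plugin's code). Route,
// option and function names are hypothetical.

// --- Weak pattern: any caller can reach the route, and the value is stored raw. ---
function example_register_weak_route() {
    register_rest_route( 'example/v1', '/cdn-status', array(
        'methods'             => 'POST',
        'callback'            => 'example_update_cdn_status_weak',
        'permission_callback' => '__return_true', // no access control at all
    ) );
}

function example_update_cdn_status_weak( WP_REST_Request $request ) {
    // Stored as-is: whatever is submitted lands in the database and is
    // later rendered in an admin page, which is the stored-XSS shape.
    update_option( 'example_cdn_status', $request->get_param( 'status' ) );
    return rest_ensure_response( array( 'ok' => true ) );
}

// --- Hardened pattern ---
function example_register_hardened_route() {
    register_rest_route( 'example/v1', '/cdn-status', array(
        'methods'             => 'POST',
        'callback'            => 'example_update_cdn_status_hardened',
        // Only users who may manage options can change plugin settings.
        // Cookie-authenticated REST requests must also carry a valid nonce,
        // which WordPress core checks before the callback runs.
        'permission_callback' => function () {
            return current_user_can( 'manage_options' );
        },
        'args' => array(
            'status' => array(
                'required'          => true,
                'type'              => 'string',
                // Allow-list the values the setting can legitimately take;
                // anything else is rejected with a 400 before the callback.
                'enum'              => array( 'idle', 'running', 'done', 'error' ),
                'sanitize_callback' => 'sanitize_text_field',
            ),
        ),
    ) );
}

function example_update_cdn_status_hardened( WP_REST_Request $request ) {
    $status = $request->get_param( 'status' ); // already validated against the enum
    update_option( 'example_cdn_status', $status );
    return rest_ensure_response( array( 'ok' => true, 'status' => $status ) );
}

// Output side: escape at render time regardless of how the value was stored,
// so a bad value that slipped into the database cannot execute as markup.
function example_render_cdn_status() {
    $status = get_option( 'example_cdn_status', 'idle' );
    echo '<p>CDN setup status: ' . esc_html( $status ) . '</p>';
}

add_action( 'rest_api_init', 'example_register_hardened_route' );
add_action( 'admin_notices', 'example_render_cdn_status' );
```

The three controls are independent: the capability check closes the unauthenticated path, the schema allow-list keeps arbitrary strings out of the database, and esc_html() on output protects even if an older, unvalidated value is already stored.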
Given the widespread use of the LiteSpeed Cache plugin, the impact of this vulnerability cannot be overstated. Websites that fail to update to the patched version remain at risk of data theft, unauthorized access, and other malicious actions.
The LiteSpeed Cache plugin is popular for its server-level caching and optimization features, making it a critical component for many WordPress sites looking to improve performance.
"Note that this vulnerability is reproducible in a default installation and activation of the LiteSpeed Cache plugin with no special requirement or configuration," reads the report.
Recommendations for Users
Users of the LiteSpeed Cache plugin are strongly advised to update to version 5.7.0.1 or later immediately. For those concerned about future vulnerabilities, services like Patchstack provide real-time protection and vulnerability notifications for WordPress plugins, including LiteSpeed Cache.
Patchstack offers a range of plans, including a free community plan, to help website owners avoid potential security threats.
The discovery of the XSS vulnerability in the LiteSpeed Cache plugin serves as a reminder of the constant vigilance required to secure WordPress sites.
While the prompt patching of the flaw by LiteSpeed Technologies has mitigated the immediate risk, website owners must make sure their sites are updated to avoid falling victim to such vulnerabilities.
With over 4 million sites potentially affected, this vulnerability highlights the importance of regular updates and security monitoring for all WordPress plugins.
Source credit : cybersecuritynews.com