"Four Million WordPress Sites Vulnerable to LiteSpeed Plugin Flaw"
Cybersecurity researchers at Patchstack have discovered a significant vulnerability in a WordPress plugin. The vulnerability affects the LiteSpeed Cache plugin, which boasts over 4 million active installations and presents a risk of unauthenticated site-wide stored XSS (cross-site scripting). The researchers noted that this could potentially allow unauthorized access to sensitive information or privilege escalation on affected WordPress sites via a single HTTP request. The researchers said the vulnerability stems from a lack of input sanitization and output escaping in the plugin’s code, combined with improper access control on one of its REST API endpoints. The issue was addressed in version 5.7.0.1 of the plugin, which was assigned CVE-2023-40000. Specifically, the vulnerability resides in the update_cdn_status function, triggered by the cdn_status REST API endpoint, allowing unauthenticated users to exploit the flaw. Users are advised to update their LiteSpeed Cache plugin to the latest version to mitigate the risk. Additionally, the researchers noted that developers are encouraged to implement proper input sanitization and output escaping in their code, particularly for data displayed in admin notices.
Infosecurity Magazine reports: "Four Million WordPress Sites Vulnerable to LiteSpeed Plugin Flaw"