"Single HTTP Request Can Exploit 6M WordPress Sites"

The popular "LiteSpeed Cache" WordPress plug-in, installed over 6 million times, is impacted by a Cross-Site Scripting (XSS) flaw that allows attackers to escalate privileges and install malicious code. The flaw was discovered by security researcher "TaiYou" in LiteSpeed Cache, the most popular caching plug-in for the WordPress Content Management System (CMS). Patchstack reports that the XSS vulnerability could allow an unauthenticated user to steal sensitive information and escalate privileges on the WordPress site with a single HTTP request. This article continues to discuss the exposure of the LiteSpeed Cache plug-in to unauthenticated privilege escalation via a dangerous XSS flaw.

Dark Reading reports "Single HTTP Request Can Exploit 6M WordPress Sites"

Submitted by grigby1
 

Submitted by Gregory Rigby on