Security
Headlines
HeadlinesLatestCVEs

Headline

WordPress LiteSpeed Cache Plugin Security Flaw Exposes Sites to XSS Attacks

A new high-severity security flaw has been disclosed in the LiteSpeed Cache plugin for WordPress that could enable malicious actors to execute arbitrary JavaScript code under certain conditions. The flaw, tracked as CVE-2024-47374 (CVSS score: 7.2), has been described as a stored cross-site scripting (XSS) vulnerability impacting all versions of the plugin up to and including 6.5.0.2. It was

The Hacker News
#sql#xss#vulnerability#web#git#java#wordpress#rce#auth#The Hacker News

Website Security / Vulnerability

A new high-severity security flaw has been disclosed in the LiteSpeed Cache plugin for WordPress that could enable malicious actors to execute arbitrary JavaScript code under certain conditions.

The flaw, tracked as CVE-2024-47374 (CVSS score: 7.2), has been described as a stored cross-site scripting (XSS) vulnerability impacting all versions of the plugin up to and including 6.5.0.2.

It was addressed in version 6.5.1 on September 25, 2024, following responsible disclosure by Patchstack Alliance researcher TaiYou.

“It could allow any unauthenticated user from stealing sensitive information to, in this case, privilege escalation on the WordPress site by performing a single HTTP request,” Patchstack said in a report.

The flaw stems from the manner in which the plugin the “X-LSCACHE-VARY-VALUE” HTTP header value is parsed without adequate sanitization and output escaping, thereby allowing for injection of arbitrary web scripts.

That said, it’s worth pointing out that the Page Optimization settings “CSS Combine” and “Generate UCSS” are required to enable the exploit to be successful.

Also called persistent XSS attacks, such vulnerabilities make it possible to store an injected script permanently on the target website’s servers, such as in a database, in a message forum, in a visitor log, or in a comment.

This causes the malicious code embedded within the script to be executed every time an unsuspecting site visitor lands on the requested resource, for instance, the web page containing the specially crafted comment.

Stored XSS attacks can have serious consequences as they could be weaponized to deliver browser-based exploits, steal sensitive information, or even hijack an authenticated user’s session and perform actions on their behalf.

The most damaging scenario is when the hijacked user account is that of a site administrator, thereby allowing a threat actor to completely take control of the website and stage even more powerful attacks.

WordPress plug-ins and themes are a popular avenue for cybercriminals looking to compromise legitimate websites. With LiteSpeed Cache boasting over six million active installations, flaws in the plugin pose a lucrative attack surface for opportunistic attacks.

The latest patch arrives nearly a month after the plugin developers addressed another flaw (CVE-2024-44000, CVSS score: 7.5) that could allow unauthenticated users to take control of arbitrary accounts.

It also follows the disclosure of an unpatched critical SQL injection flaw in the TI WooCommerce Wishlist plugin (CVE-2024-43917, CVSS score: 9.8) that, if successfully exploited, permits any user to execute arbitrary SQL queries in the database of the WordPress site.

Another critical security vulnerability concerns the Jupiter X Core WordPress plugin (CVE-2024-7772, CVSS score: 9.8) that allows unauthenticated attackers to upload arbitrary files on the affected site’s server, potentially leading to remote code execution.

It has been fixed in version 4.7.8, along with a high-severity authentication bypass flaw (CVE-2024-7781, CVSS score: 8.1) that “makes it possible for unauthenticated attackers to log in as the first user to have logged in with a social media account, including administrator accounts,” Wordfence said.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

Related news

LiteSpeed Cache Plugin Vulnerability Poses Significant Risk to WordPress Websites

A high-severity security flaw has been disclosed in the LiteSpeed Cache plugin for WordPress that could allow an unauthenticated threat actor to elevate their privileges and perform malicious actions. The vulnerability, tracked as CVE-2024-50550 (CVSS score: 8.1), has been addressed in version 6.5.2 of the plugin. "The plugin suffers from an unauthenticated privilege escalation vulnerability

Single HTTP Request Can Exploit 6M WordPress Sites

The popular LiteSpeed Cache plug-in is vulnerable to unauthenticated privilege escalation via a dangerous XSS flaw.

Critical Security Flaw Found in LiteSpeed Cache Plugin for WordPress

Cybersecurity researchers have discovered yet another critical security flaw in the LiteSpeed Cache plugin for WordPress that could allow unauthenticated users to take control of arbitrary accounts. The vulnerability, tracked as CVE-2024-44000 (CVSS score: 7.5), impacts versions before and including 6.4.1. It has been addressed in version 6.5.0.1.  "The plugin suffers from an