A security vulnerability has been disclosed within the LiteSpeed Cache plugin for WordPress that would allow unauthenticated customers to escalate their privileges.
Tracked as CVE-2023-40000, the vulnerability was addressed in October 2023 in model 5.7.0.1.
“This plugin suffers from unauthenticated site-wide saved [cross-site scripting] vulnerability and will enable any unauthenticated consumer from stealing delicate data to, on this case, privilege escalation on the WordPress website by performing a single HTTP request,” Patchstack researcher Rafie Muhammad mentioned.
LiteSpeed Cache, which is used to enhance website efficiency, has greater than 5 million installations. The most recent model of the plugin in 6.1, which was launched on February 5, 2024.
The WordPress security firm mentioned CVE-2023-40000 is the results of a scarcity of consumer enter sanitization and escaping output. The vulnerability is rooted in a operate named update_cdn_status() and might be reproduced in a default set up.
“For the reason that XSS payload is positioned as an admin discover and the admin discover could possibly be displayed on any wp-admin endpoint, this vulnerability additionally could possibly be simply triggered by any consumer that has entry to the wp-admin space,” Muhammad mentioned.
The disclosure arrives 4 months after Wordfence revealed one other XSS flaw in the identical plugin (CVE-2023-4372, CVSS rating: 6.4) resulting from inadequate enter sanitization and output escaping on consumer equipped attributes. It was addressed in model 5.7.
“This makes it attainable for authenticated attackers with contributor-level and above permissions to inject arbitrary internet scripts in pages that may execute at any time when a consumer accesses an injected web page,” István Márton mentioned.
