LiteSpeed Cache Plugin XSS Vulnerability Threatens Millions of WordPress Sites

February 27, 2024

A significant flaw has been discovered in the LiteSpeed Cache plugin for WordPress, which is currently used by over 4 million websites. The vulnerability, identified as CVE-2023-40000, is an unauthenticated site-wide stored XSS vulnerability. This flaw could potentially allow an unauthenticated user to steal sensitive data or escalate their privileges on the WordPress site by making a single HTTP request.

The advisory released by Patchstack states, “This plugin suffers from unauthenticated site-wide stored XSS vulnerability and could allow any unauthenticated user from stealing sensitive information to, in this case, privilege escalation on the WordPress site by performing a single HTTP request.” The vulnerability arises due to the lack of sanitization and output escaping in the code handling user input. This issue is compounded by improper access control on one of the plugin's available REST API endpoints.

The vulnerability was found in the 'update_cdn_status' function, which constructs an HTML value directly from the POST body parameter for the admin notice message. The issue can be resolved by sanitizing user input through esc_html directly on the affected parameter. In addition, the vendor has introduced a permission check on the update_cdn_status function and added hash validation to limit access to the function to privileged users only.

The vulnerability was addressed with the release of version in October 2023. Patchstack recommends applying escaping and sanitization to any message displayed as an admin notice. Depending on the data's context, they suggest using sanitize_text_field or esc_html to sanitize a value for HTML output (outside of an HTML attribute). For escaping values inside attributes, the esc_attr function can be used. They also recommend implementing proper permission or authorization checks on the registered REST route endpoints.
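The recommendations above, applied to a minimal hypothetical plugin, as an added example that is not LiteSpeed Cache's code or Patchstack's. The route namespace, the option name, the msg parameter and the function names are assumptions, and a capability check stands in for the vendor's permission check and hash validation, which the advisory summary does not detail.

```php
<?php
// Added example: hypothetical plugin code, not the LiteSpeed Cache source.
// 'example/v1', 'example_cdn_notice', 'msg' and the function names are assumptions.

add_action( 'rest_api_init', function () {
    register_rest_route( 'example/v1', '/cdn_status', array(
        'methods'             => 'POST',
        'callback'            => 'example_update_cdn_status',
        // Weak form: 'permission_callback' => '__return_true' would let any
        // unauthenticated visitor reach the callback.
        'permission_callback' => function () {
            return current_user_can( 'manage_options' );
        },
    ) );
} );

function example_update_cdn_status( WP_REST_Request $request ) {
    $raw = $request->get_param( 'msg' );
    // Reject missing or non-string input instead of coercing it.
    if ( ! is_string( $raw ) ) {
        return new WP_Error( 'invalid_msg', 'msg must be a string', array( 'status' => 400 ) );
    }
    // Weak form: storing '<p>' . $raw . '</p>' keeps caller-controlled markup
    // that is later printed on every admin page. Store plain text only.
    update_option( 'example_cdn_notice', sanitize_text_field( $raw ) );
    return rest_ensure_response( array( 'stored' => true ) );
}

add_action( 'admin_notices', function () {
    $msg = get_option( 'example_cdn_notice', '' );
    if ( ! is_string( $msg ) || '' === $msg ) {
        return;
    }
    // Escape at output too: a value stored before the fix is still untrusted.
    printf(
        '<div class="%s"><p>%s</p></div>',
        esc_attr( 'notice notice-info' ), // attribute context
        esc_html( $msg )                  // HTML body context
    );
} );
```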
