The LiteSpeed Cache plugin’s security flaw, which was discovered in the plugin, could make it possible for unauthenticated users to escalate their privileges.
The vulnerability, which is identified as CVE- 2023- 40000, was fixed in version 5.7.0.1 in October 2023.
According to Patchstack researcher Rafie Muhammad,” This plugin suffers from unauthenticated site- wide stored]cross- site scripting ] vulnerability and could allow any unauthenticated user to steal sensitive information to, in this case, privilege escalation on the WordPress site by making just one HTTP request.”
More than five million sites have installed LiteSpeed Cache, which improves website performance. The plugin’s newest version, version 6.1, was made available on February 5, 2024.
According to the WordPress security firm, CVE- 2023-40000 is the result of inadequate user input sanitization and escape output. The vulnerability can be reproduced in a default installation using a function named update_cd n_status ( ).
This vulnerability could be easily triggered by any user who has access to the wp-admin area because the XSS payload is displayed as an admin notice and as such may be displayed on any wp-admin endpoint, Muhammad said.
Four months prior, Wordfence exposed yet another XSS bug in the same plugin ( CVE- 2023- 4372, CVSS score: 6.4), as a result of inadequate input sanitization and output escaping on user-provided attributes. In version 5. 7 it was addressed.
According to István Márton,” This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts into pages that will execute whenever a user accesses an injected page.”