LiteSpeed Cache < 4.4.4 - IP Check Bypass to Unauthenticated Stored XSS
CVE-2021-24964

6.1MEDIUM

Key Information:

Vendor: Wordpress
Status: Litespeed Cache
Vendor: CVE Published:; 3 January 2022

Summary

The LiteSpeed Cache WordPress plugin before 4.4.4 does not properly verify that requests are coming from QUIC.cloud servers, allowing attackers to make requests to certain endpoints by using a specific X-Forwarded-For header value. In addition, one of the endpoint could be used to set CSS code if a setting is enabled, which will then be output in some pages without being sanitised and escaped. Combining those two issues, an unauthenticated attacker could put Cross-Site Scripting payloads in pages visited by users.

Affected Version(s)

LiteSpeed Cache 4.4.4

References

https://wpscan.com/vulnerability/e9966b3e-2eb9-4d70-8c18-...

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 3, 2022
Vulnerability Reserved
Jan 14, 2021

Credit

Emil Kylander