LiteSpeed Cache < 4.4.4 - IP Check Bypass to Unauthenticated Stored XSS
CVE-2021-24964

6.1MEDIUM

Key Information:

Vendor

Wordpress

Vendor
CVE Published:
3 January 2022

What is CVE-2021-24964?

The LiteSpeed Cache WordPress plugin before 4.4.4 does not properly verify that requests are coming from QUIC.cloud servers, allowing attackers to make requests to certain endpoints by using a specific X-Forwarded-For header value. In addition, one of the endpoint could be used to set CSS code if a setting is enabled, which will then be output in some pages without being sanitised and escaped. Combining those two issues, an unauthenticated attacker could put Cross-Site Scripting payloads in pages visited by users.

Affected Version(s)

LiteSpeed Cache 4.4.4

References

EPSS Score

14% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Emil Kylander
.
The Cyber Security Vulnerability Database.