Cross-site Scripting (XSS) Vulnerability in LiteSpeed Cache
CVE-2023-40000
Key Information:
- Vendor: WordPress
- Status
- Vendor
- CVE Published: 16 April 2024
Summary
A security vulnerability exists in LiteSpeed Technologies' LiteSpeed Cache that enables an attacker to perform stored cross-site scripting (XSS) attacks. The flaw is caused by improper handling of input during web page generation. When successfully exploited, it allows attackers to inject malicious scripts that may execute in the context of the user's browser session, leading to unauthorized actions or data theft. Affected versions include LiteSpeed Cache up to and including 5.7. Organizations using this software should assess their security posture to mitigate potential risks associated with this vulnerability.
Affected Version(s)
LiteSpeed Cache <= 5.7
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component for weaponization, which could lead to ransomware.
News Articles
WordPress sites targeted for hijacking with LiteSpeed Cache plugin flaw
More than 1.8 million WordPress sites using an old version of the LiteSpeed Cache plugin are at risk of takeovers amid attacks exploiting a high-severity unauthenticated cross-site scripting vulnerability, tracked as CVE-2023-40000, which have been increasing during the past month, according to Blee...

Researchers Uncover Active Exploitation of WordPress Plugin Vulnerabilities
Researchers have discovered several vulnerabilities in popular WordPress plugins that allow attackers to create rogue admin accounts.

Hackers Exploiting LiteSpeed Cache Bug to Gain Full Control of WordPress Sites
A critical flaw in the hugely popular LiteSpeed Cache plugin for WordPress is being exploited in the wild to create rogue admin accounts, granting att
Timeline
- Public PoC available
- Exploit known to exist
- First article discovered by The Hacker News
- Vulnerability published
- Vulnerability Reserved