LiteSpeed Cache Plugin Flaw Allows XSS Attack, Update Now
A new vulnerability in the LiteSpeed Cache plugin for WordPress has been identified that could allow unauthenticated attackers to inject malicious code into websites.
The flaw, discovered by TaiYou from Patchstack’s bug bounty program, impacts the plugin’s CSS queue generation process and affects over six million active installations.
The vulnerability, tracked as CVE-2024-47374, is an unauthenticated stored XSS issue that could lead to privilege escalation or data theft. It exploits the plugin’s “Vary Group” functionality, which controls cache variations based on user roles.
Attackers can manipulate this functionality via specially crafted HTTP headers, injecting harmful content directly into the WordPress admin panel.
“This vulnerability occurs because the code that handles the view of the queue doesn’t implement sanitization and output escaping,” Patchstack explained.
For the exploit to be effective, two settings must be enabled in the LiteSpeed Cache plugin:
- CSS Combine
- Generate UCSS
The first one combines multiple CSS files into a single file, reducing server load and improving performance. However, when active, it allows the vulnerable code to be triggered, opening the door for an attacker to exploit the flaw.
The second, on the other hand, generates unique CSS files for each page, tailored to the content being displayed. While this feature enhances optimization, it also makes the vulnerability exploitable, as it exposes the queue for CSS generation to potentially malicious inputs.
LiteSpeed has addressed the vulnerability in version 6.5.1, which implements proper input sanitization using the esc_html function to prevent malicious code injection.
Users of the LiteSpeed Cache plugin are strongly advised to update to the latest version to safeguard their sites from potential attacks.
“We recommend applying escaping and sanitization to any message that will be displayed as an admin notice,” Patchstack added. “We also recommend applying a proper permission or authorization check to the registered rest route endpoints.”
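The two recommendations above (escape anything rendered as an admin notice; put an authorization check on every registered REST route) and the esc_html fix mentioned earlier are illustrated below in a small, self-contained WordPress plugin fragment. This is an added example written for this article, not LiteSpeed Cache's code: the option key, function names and the `example/v1/queue` route are hypothetical stand-ins for a plugin that queues request-derived strings and later displays them in wp-admin.

```php
<?php
/**
 * Illustrative admin-notice and REST-route patterns (hypothetical plugin, not LiteSpeed Cache).
 * Shows the defect class behind CVE-2024-47374 (request-derived data stored and later
 * echoed into an admin view without sanitization or output escaping) next to the hardened form.
 */

// Hypothetical option key standing in for a plugin's CSS-generation queue.
const EXAMPLE_QUEUE_OPTION = 'example_css_queue';

// --- Input side: store a queue entry derived from request data -------------------------

// BEFORE (vulnerable pattern): the raw value is stored untouched, so whatever the client
// sent, markup included, lands in the database and waits for someone to render it.
function example_enqueue_vulnerable( string $vary_group ): void {
    $queue   = get_option( EXAMPLE_QUEUE_OPTION, array() );
    $queue[] = $vary_group;
    update_option( EXAMPLE_QUEUE_OPTION, $queue );
}

// AFTER: strip tags and normalise whitespace on the way in. Input sanitization is defence
// in depth; the actual fix for stored XSS is escaping at output time (see below).
function example_enqueue_hardened( string $vary_group ): void {
    $queue   = get_option( EXAMPLE_QUEUE_OPTION, array() );
    $queue[] = sanitize_text_field( $vary_group );
    update_option( EXAMPLE_QUEUE_OPTION, $queue );
}

// --- Output side: render the queue as an admin notice ----------------------------------

// BEFORE (vulnerable pattern): stored entries are concatenated into HTML as-is. This is
// the shape of the bug Patchstack described: no sanitization and no output escaping.
function example_queue_notice_vulnerable(): void {
    foreach ( get_option( EXAMPLE_QUEUE_OPTION, array() ) as $entry ) {
        echo '<div class="notice notice-info"><p>Queued: ' . $entry . '</p></div>';
    }
}

// AFTER: esc_html() encodes <, >, &, " and ', so a stored entry is rendered as text and
// can never become markup or script. This mirrors the esc_html fix shipped in 6.5.1.
function example_queue_notice_hardened(): void {
    foreach ( get_option( EXAMPLE_QUEUE_OPTION, array() ) as $entry ) {
        echo '<div class="notice notice-info"><p>Queued: ' . esc_html( $entry ) . '</p></div>';
    }
}
add_action( 'admin_notices', 'example_queue_notice_hardened' );

// --- REST route: require an authorization check ----------------------------------------

// A permission_callback of '__return_true' would let any unauthenticated client reach the
// endpoint. Gating it on a capability check is the "proper permission or authorization
// check" Patchstack recommends; sanitize_callback cleans the parameter before the callback.
function example_register_queue_route(): void {
    register_rest_route(
        'example/v1',
        '/queue',
        array(
            'methods'             => 'POST',
            'callback'            => 'example_rest_enqueue',
            'permission_callback' => function () {
                return current_user_can( 'manage_options' );
            },
            'args'                => array(
                'vary_group' => array(
                    'required'          => true,
                    'sanitize_callback' => 'sanitize_text_field',
                ),
            ),
        )
    );
}
add_action( 'rest_api_init', 'example_register_queue_route' );

function example_rest_enqueue( WP_REST_Request $request ): WP_REST_Response {
    example_enqueue_hardened( (string) $request->get_param( 'vary_group' ) );
    return new WP_REST_Response( array( 'queued' => true ), 200 );
}
```

The important design point is where the escaping lives: data that came from a request (including HTTP headers, as in this case) must be escaped at the moment it is written into HTML, regardless of whether it was sanitized when stored, because stored values can be written by other code paths or older versions. The `permission_callback` is a separate control; it limits who can reach the endpoint at all, and the escaping protects the administrator who later views the notice.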