The Wordfence Threat Intelligence team recently uncovered a serious security flaw in the LiteSpeed Cache plugin for WordPress. Known as a Stored Cross-Site Scripting (XSS) vulnerability, the issue affects versions up to, and including, 5.6, and gives malicious individuals with contributor-level permissions or higher the ability to inject harmful web scripts into pages by utilizing the plugin’s shortcode feature. The breach has the potential to compromise over 4,000,000 WordPress websites that currently have the LiteSpeed Cache plugin installed.
Subscribers of Wordfence Premium, Wordfence Care, and Wordfence Response, as well as users of the free version of the Wordfence plugin, are shielded from any attacks targeting this vulnerability by the built-in Cross-Site Scripting protection of the Wordfence firewall.
Wordfence contacted the team at LiteSpeed Cache swiftly after discovering the issue, and the LiteSpeed Technologies team promptly responded. After providing complete details of the flaw, the developer team developed a patch on August 16, 2023, and deployed it to the WordPress repository on October 10, 2023. This quick and effective response is worthy of commendation.
It is urged that all users of the LiteSpeed Cache plugin upgrade to the latest patched version, which is currently version 5.7 at the time of this report, without delay to prevent exploitation.
The technical analysis of the vulnerability reveals that the LiteSpeed Cache plugin’s shortcode functionality is implemented insecurely, making it possible for attackers to inject arbitrary web scripts into pages when using the plugin’s shortcode.
Moreover, a potential stored XSS attack can allow threat actors to execute malicious scripts each time the affected page is accessed, leading to severe consequences such as stealing sensitive information, manipulating site content, injecting administrative users, editing files, or redirecting users to malicious websites.
The disclosure timeline provides the dates of discovery, engagement with the plugin vendor, and the subsequent resolution process. The comprehensive advisory concludes by emphasizing the importance of installing the latest patched version of LiteSpeed Cache to secure WordPress websites.
All Wordfence users are equipped with protection against this vulnerability, and readers are encouraged to share this advisory with anyone who uses the LiteSpeed Cache plugin to ensure the security of their sites.
Security researchers who discover vulnerabilities and wish to disclose them responsibly have the opportunity to submit their findings to Wordfence Intelligence and potentially earn a spot on their leaderboard.
Read Full Article