The LiteSpeed Cache plugin used on over four million WordPress sites has fixed an XSS vulnerability in version 5.7. This plugin offers features such as site acceleration, server-level caching, and optimization capabilities. It is popular due to its compatibility with WordPress multisite and plugins like WooCommerce, bbPress, and Yoast SEO. A security researcher at Wordfence discovered the vulnerability, which could allow attackers to inject malicious scripts in pages. Users are advised to update to the latest version, as only 30% of the user base has done so. A detailed advisory from Wordfence provides more information and technical analysis.
Read Full Article