
Vulnerability in WordPress LiteSpeed Plugin Exposes 5 Million Sites to Risk

A WordPress plugin called LiteSpeed Cache has a security hole that allows unauthenticated users to increase their privileges.

The vulnerability, tracked as CVE-2023-40000, was patched in version 5.7.0.1 in October 2023.

Patchstack researcher Rafie Muhammad found a cross-site scripting (XSS) vulnerability in the plugin that could allow unauthenticated users to gain access to sensitive data and, specifically, to escalate privileges on the WordPress site through a second HTTP request.

More than five million sites have used LiteSpeed Cache to improve the performance of their pages. The most recent release is version 6.1, published on February 5, 2024.

According to the WordPress security company, CVE-2023-40000 is caused by a lack of user input sanitization and output escaping. The update_cdn_status() function, which is commonly used in installations, is the source of the vulnerability.

Because the XSS payload is placed in an admin notice, and an admin notice can be shown on any wp-admin endpoint, any user with wp-admin access can trigger the vulnerability quickly, according to Muhammad.
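The root cause described above, a value stored without input sanitization and later printed in an admin notice without output escaping, is shown here as an added example. It is not LiteSpeed Cache's code and does not come from the original article: the option name and the demo_* functions are hypothetical, and only the WordPress helper functions are real.

```php
<?php
// Hypothetical plugin code for illustration; not LiteSpeed Cache source.
// DEMO_NOTICE_OPTION and all demo_* function names are assumptions.
const DEMO_NOTICE_OPTION = 'demo_cdn_status_notice';

/* ---- Before: no input sanitization, no output escaping ---- */

// Stores request data verbatim as the text of a pending admin notice.
function demo_store_status_unsafe( array $request ) {
	$status = isset( $request['status'] ) ? $request['status'] : '';
	update_option( DEMO_NOTICE_OPTION, 'CDN status: ' . $status );
}

// Echoes the stored text raw, so any markup in it is parsed by the
// browser of whoever loads a wp-admin page next.
function demo_render_notice_unsafe() {
	$msg = get_option( DEMO_NOTICE_OPTION, '' );
	if ( '' !== $msg ) {
		echo '<div class="notice notice-info"><p>' . $msg . '</p></div>';
	}
}

/* ---- After: sanitize on the way in, escape on the way out ---- */

// Input sanitization: strip tags, line breaks and extra whitespace
// before the value is stored.
function demo_store_status_safe( array $request ) {
	$raw = isset( $request['status'] ) ? $request['status'] : '';
	if ( ! is_string( $raw ) ) {
		return; // arrays and other non-string values are rejected outright
	}
	$status = sanitize_text_field( wp_unslash( $raw ) );
	update_option( DEMO_NOTICE_OPTION, 'CDN status: ' . $status );
}

// Output escaping: encode for the HTML context at print time, so a value
// stored before the input fix (or written by other code) renders as text.
function demo_render_notice_safe() {
	$msg = get_option( DEMO_NOTICE_OPTION, '' );
	if ( is_string( $msg ) && '' !== $msg ) {
		echo '<div class="notice notice-info"><p>' . esc_html( $msg ) . '</p></div>';
	}
}

// Only the hardened renderer is hooked into the admin notice area.
add_action( 'admin_notices', 'demo_render_notice_safe' );
```

Escaping at output matters even once input is sanitized, because notice text already saved in the database predates the input fix.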

 

The report was prompted by Wordfence's earlier disclosure of another XSS vulnerability in the same plugin (CVE-2023-4372, CVSS rating: 6.4), caused by insufficient input sanitization and output escaping on user-provided attributes. That issue was addressed in version 5.7.

As István Márton points out, this opens the door for authenticated attackers to inject arbitrary web scripts into pages, which then execute anytime a user visits the compromised page.
