WordPress Plugin Vulnerabilities
LiteSpeed Cache < 3.6.1 - Authenticated Stored Cross-Site Scripting
Description
The plugin does not sanitise invalid IPs given in its Toolbox page before displaying them in an error message.
Proof of Concept
Submit a payload such as <img src onerror=alert(/XSS/)> in the Admin IPs section of the Toolbox (/wp-admin/admin.php?page=litespeed-toolbox)
Affects Plugins
Fixed in version 3.6.1
References
Classification
Miscellaneous
Timeline
Publicly Published
2020-12-26 (about 1 years ago)
Added
2020-12-26 (about 1 years ago)
Last Updated
2020-12-28 (about 1 years ago)