Popular WordPress Caching Plugin Had a Major XSS Vulnerability
- Security researcher "TaiYou" discovered three flaws in the popular WordPress caching plug-in Litespeed.
- Out of these three, one XSS vulnerability, tracked as CVE-2024-47374, was deemed dangerous.
- Thankfully, Patchstack (the creator of the plug-in) has taken care of it within a day.
A popular WordPress caching plug-in called Litespeed Cache has a cross-site scripting (XSS) flaw. XSS is an old and common class of flaw in which an attacker injects malicious code into a legitimate website so that scripts run in the browser of whoever visits the page.
It also lets attackers steal information, escalate privileges with a single HTTP request, and load malicious code onto the affected site, which in turn allows ads, redirects, and other HTML payloads on the site. The vulnerability, tracked as CVE-2024-47374, was discovered by a security researcher who goes by the name "TaiYou." On September 24, he reported it to Patchstack through the Patchstack Bug Bounty Program for WordPress.
As of now, it only affects version 6.5.0.2 of Litespeed, so users are advised to upgrade as soon as possible to avoid the vulnerability.
TaiYou also reported two other flaws - another XSS and a path-traversal vulnerability - in addition to CVE-2024-47374. However, only the first flaw is considered a threat and exploitable.
More Details About the Flaw
On CVEdetails.com, CVE-2024-47374 is described as "Improper Neutralization of Input During Web Page Generation."
In simple terms, the product fails to neutralize user-controllable input before placing it in output that is served as a web page to other users. In some cases, even where it does neutralize the input, it does so incorrectly.
This happens because the piece of code handling the queue view in the Vary Group functionality (which combines "cache varies" and "user roles") does not apply output escaping or sanitization. Why? Because the functionality itself doesn't need them. Unfortunately, that non-requirement is what causes the issue.
What Does Patchstack Have to Say About This?
Considering that more than 6 million people use the Litespeed Cache plug-in, this issue needed a timely fix, and Patchstack didn't disappoint.
- Upon being notified about the vulnerability, it sent back a patch for validation on the very same day.
- By the next day, on September 25, it fixed all three flaws.
- 5 days later, the flaws were added to its vulnerability database.
The patch applied is pretty simple: it escapes the output with esc_html(). In addition to the fix, the company has also deployed a virtual patch to block attacks until customers upgrade to the fixed version.
Furthermore, WordPress site developers who want extra protection against this class of flaw should sanitize and escape any messages that are displayed as admin notices.
Last but not least, site developers are advised to add an extra layer of security to registered REST route endpoints in the form of an authorization check, to protect the site from an XSS vulnerability.
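The two mitigations above, escaping admin-notice output and gating REST routes with an authorization check, look like this in a small WordPress plug-in. This is an added illustration written for this article, not code from Litespeed Cache or from Patchstack's patch; it assumes it runs inside WordPress (where esc_html(), add_action(), register_rest_route(), current_user_can(), get_option() and update_option() exist), and the option name, route namespace and function names are hypothetical.

```php
<?php
/**
 * Added illustration (not Litespeed Cache's or Patchstack's code):
 * escaping an admin notice and gating a REST route.
 * Assumes WordPress is loaded. The option 'example_queue_message',
 * the 'example/v1' namespace and all example_* functions are hypothetical.
 */

// --- Admin notice: unsafe vs. escaped --------------------------------------

// A stored string that some earlier request may have written (constructed
// stand-in for any value a lower-privileged user can influence).
function example_get_queue_message() {
    return (string) get_option( 'example_queue_message', '' );
}

// Unsafe pattern (the CWE-79 shape the article describes): the stored value
// is concatenated into the notice markup with no output escaping, so any
// HTML it contains is rendered in the administrator's browser.
function example_notice_unescaped() {
    echo '<div class="notice notice-info"><p>' . example_get_queue_message() . '</p></div>';
}

// Hardened form: esc_html() turns <, >, &, " and ' into HTML entities, so the
// message is displayed as text and can never become markup or script.
function example_notice_escaped() {
    echo '<div class="notice notice-info"><p>' . esc_html( example_get_queue_message() ) . '</p></div>';
}
add_action( 'admin_notices', 'example_notice_escaped' );

// --- REST route: require an authorization check ----------------------------

// A route registered with 'permission_callback' => '__return_true' accepts
// writes from any visitor. The hardened version below requires a capability
// check, and additionally sanitizes the value on the way in, so the stored
// message is clean even before esc_html() escapes it on the way out.
function example_register_routes() {
    register_rest_route( 'example/v1', '/queue-message', array(
        'methods'             => 'POST',
        'callback'            => 'example_set_queue_message',
        // Authorization check: only users who may manage options can write.
        'permission_callback' => function () {
            return current_user_can( 'manage_options' );
        },
        'args'                => array(
            'message' => array(
                'required'          => true,
                // Input sanitization: strips tags and control characters.
                'sanitize_callback' => 'sanitize_text_field',
            ),
        ),
    ) );
}
add_action( 'rest_api_init', 'example_register_routes' );

function example_set_queue_message( WP_REST_Request $request ) {
    update_option( 'example_queue_message', $request->get_param( 'message' ) );
    return rest_ensure_response( array( 'saved' => true ) );
}
```

The two controls are independent layers: the permission_callback stops untrusted callers from writing the message at all, and esc_html() on every render means that even a value written through some other path cannot execute in an administrator's session.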
The post Popular WordPress Caching Plugin Had a Major XSS Vulnerability appeared first on The Tech Report.