Analysis Summary

A fresh high-severity security vulnerability has been found in the WordPress plugin LiteSpeed Cache, which, in some scenarios, might allow malevolent actors to run any JavaScript code.

The vulnerability, identified as CVE-2024-47374 (CVSS score: 7.2), affects all versions of the plugin, including 6.5.0.2. It is classified as a stored cross-site scripting (XSS) vulnerability. On September 25, 2024, it was fixed in version 6.5.1 after a researcher made a responsible disclosure. With just one HTTP request, it might enable any unauthorized user to obtain private data and, in this scenario, escalate their privileges on the WordPress website, according to the report.

The vulnerability arises from the way the plugin parses the value of the "X-LSCACHE-VARY-VALUE" HTTP header without performing sufficient sanitization or output escaping, which leaves open the possibility of arbitrary web script injection. That being said, it's important to note that the exploit cannot succeed unless the Page Optimization parameters "CSS Combine" and "Generate UCSS" are enabled.

These vulnerabilities, also known as persistent cross-site scripting attacks, allow an injected script to be stored on the target website's servers indefinitely. Examples of these servers include databases, message boards, traffic logs, and comments. This means that each time a gullible website visitor lands on the requested resource—for example, the page with the carefully worded comment—the malicious code encoded in the script is triggered.

Stored cross-site scripting (XSS) attacks carry potentially dangerous ramifications since they can be used as a weapon to distribute browser-based exploits, steal confidential data, or even take control of an authenticated user's session and carry out actions on their behalf. The most dangerous situation is when a threat actor gains total control of the website and launches even more potent attacks because the compromised user account belongs to the site administrator.

Cybercriminals often use WordPress plug-ins and themes as a means of infiltrating reputable websites. Because LiteSpeed Cache has more than six million active installations, vulnerabilities in the plugin present an attractive target for nefarious operations. The most recent patch was released over a month after another vulnerability (CVE-2024-44000, CVSS score: 7.5) that might have let unauthorized users take over accounts was fixed by the plugin developers.

Impact

• Cross-Site Scripting
• Unauthorized Access
• Sensitive Data Theft
• Privilege Escalation

Indicators of Compromise

CVE

• CVE-2024-47374

Affected Vendors

Remediation

• Upgrade to the latest version of LiteSpeed Cache Plugin for WordPress, available from the LiteSpeed Technologies Website.
• Enhance the security of your WordPress site by implementing two-factor authentication.
• Keep your WordPress core and all installed plugins up to date.
• Conduct regular security audits of your WordPress site.
• Enable antivirus and anti-malware software and update signature definitions promptly. Using multi-layered protection is necessary to secure vulnerable assets.
• Maintain daily backups of all computer networks and servers.
• Keep all software, operating systems, and applications updated with the latest security patches.
• Continuously monitor network and system logs for unusual or suspicious activities.
• Review and secure website code to prevent open redirect vulnerabilities.
• Educate all site administrators about security best practices and the potential risks associated with phishing emails, fake security advisories, and malicious plugins.