4 million Litespeed sites have XSS vulnerability wtf
October 26, 2023 at 2:47 am #8620 Rebecca Guest

October 26, 2023 at 2:48 am #8621 Jordan Guest
In the specific LiteSpeed vulnerability, the implementation of a shortcode functionality allowed a malicious hacker to upload scripts they otherwise would not be able to had the proper security protocols of sanitization/escaping data been in place.

October 26, 2023 at 2:49 am #8622 Sarah Guest
That’s about the worst type of vulnerability you can have.

October 26, 2023 at 2:50 am #8623 Logan Guest
this story makes no sense, Wordfence told them in August 2023 about this and they “released a patch” the next day, but why did it take until October 2023 before this patch was released on WordPress.org for the LS Cache plugin?
“We contacted The LiteSpeed Cache Team on August 14, 2023, and we received a response on the same day. After providing full disclosure details, the developer team made a patch on August 16, 2023, and released it to the WordPress repository on October 10, 2023. We would like to commend the LiteSpeed Technologies for their prompt response and timely patch.”

October 26, 2023 at 2:52 am #8624 Emma Guest
Maybe Litespeed lied about the patch to Wordfence. not sure how to fix it so just pretended to for a while?

October 26, 2023 at 2:52 am #8625 Billy Guest
a classic WordPress Christmas story! lol never ends….

October 26, 2023 at 2:54 am #8626 Donna Guest
They literally had the same XSS vulnerability in 2021:

October 26, 2023 at 2:58 am #8627 Hannah Guest
don’t worry, the dumbasses who use the LS Cache plugin won’t even notice because they also have Elementor and Rank Math installed
impossible to know for sure which plugin caused their site to get hacked! 💯

October 26, 2023 at 1:25 pm #8638 Billy Guest
“Maybe Litespeed lied about the patch to Wordfence. not sure how to fix it so just pretended to for a while?”
It seems that the patch was committed to GitHub (but not released on wordpress.org) on August 16:
Bizarrely the patch contains several hundred lines of pointless whitespace changes, making it kind of hard to tell what was actually fixed…

October 27, 2023 at 12:54 am #8644 Gary Guest
strange indeed

November 8, 2023 at 7:13 am #8944 Sandra Guest