
SlickStack
Lightning-fast WordPress on Nginx

4 million Litespeed sites have XSS vulnerability wtf

  • #8620
    Rebecca
    Guest
    #8621
    Jordan
    Guest

    In the specific LiteSpeed vulnerability, the implementation of a shortcode functionality allowed a malicious hacker to upload scripts they otherwise would not be able to had the proper security protocols of sanitization/escaping data been in place.
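
The pattern described in the post above, as an added example that is not part of the original thread and is not LiteSpeed Cache's code: a hypothetical `demo_box` shortcode handler that emits a stored attribute value unescaped, next to a version that escapes on output. The function names and the sample input are assumptions made for illustration.

```php
<?php
// Added illustration; not LiteSpeed Cache code. The shortcode name "demo_box"
// and both handlers are hypothetical.

// Outside WordPress, stand in for the core escaping helpers so the file runs
// on the PHP CLI. Inside WordPress the real esc_attr()/esc_html() are used.
if (!function_exists('esc_attr')) {
    function esc_attr($text) {
        return htmlspecialchars((string) $text, ENT_QUOTES, 'UTF-8');
    }
}
if (!function_exists('esc_html')) {
    function esc_html($text) {
        return htmlspecialchars((string) $text, ENT_QUOTES, 'UTF-8');
    }
}

// Vulnerable: attribute values stored in post content are concatenated into
// the markup unchanged, so whatever was saved is rendered to every visitor.
function demo_box_unsafe($atts, $content = '') {
    $atts = array_merge(array('class' => 'box'), (array) $atts);
    return '<div class="' . $atts['class'] . '">' . $content . '</div>';
}

// Hardened: escape each value for the context it lands in, at output time.
function demo_box_safe($atts, $content = '') {
    $atts = array_merge(array('class' => 'box'), (array) $atts);
    return '<div class="' . esc_attr($atts['class']) . '">'
        . esc_html($content) . '</div>';
}

// In a plugin the handler would be registered with:
// add_shortcode('demo_box', 'demo_box_safe');

if (PHP_SAPI === 'cli' && !function_exists('add_shortcode')) {
    // Constructed input: a value that closes the attribute and adds a new one.
    $atts = array('class' => 'x" onmouseover="alert(1)');
    echo demo_box_unsafe($atts, 'hello'), PHP_EOL; // attribute breaks out
    echo demo_box_safe($atts, 'hello'), PHP_EOL;   // quotes are entity-encoded
}
```

Run on the PHP CLI, the two printed lines show the same stored value either breaking out of the `class` attribute or staying inside it as inert text.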

    #8622
    Sarah
    Guest

    That’s about the worst type of vulnerability you can have.

    #8623
    Logan
    Guest

    This story makes no sense. Wordfence told them in August 2023 about this and they “released a patch” the next day, but why did it take until October 2023 before this patch was released on WordPress.org for the LS Cache plugin?

    4 Million WordPress Sites affected by Stored Cross-Site Scripting Vulnerability in LiteSpeed Cache Plugin

    “We contacted The LiteSpeed Cache Team on August 14, 2023, and we received a response on the same day. After providing full disclosure details, the developer team made a patch on August 16, 2023, and released it to the WordPress repository on October 10, 2023. We would like to commend the LiteSpeed Technologies for their prompt response and timely patch.”

    #8624
    Emma
    Guest

    Maybe Litespeed lied about the patch to Wordfence. not sure how to fix it so just pretended to for a while?

    #8625
    Billy
    Guest

    a classic WordPress Christmas story! lol never ends….

    #8626
    Donna
    Guest

    They literally had the same XSS vulnerability in 2021:

    https://wpscan.com/vulnerability/7f8b4275-7586-4e04-afd9-d12bdab6ba9b/

    #8627
    Hannah
    Guest

    don’t worry, the dumbasses who use the LS Cache plugin won’t even notice because they also have Elementor and Rank Math installed

    impossible to know for sure which plugin caused their site to get hacked! 💯

    #8638
    Billy
    Guest

    “Maybe Litespeed lied about the patch to Wordfence. not sure how to fix it so just pretended to for a while?”

    It seems that the patch was committed to GitHub (but not released on wordpress.org) on August 16:

    https://github.com/litespeedtech/lscache_wp/commit/95a407d9f192b37ac6cf96d2aa50f240e3e6b2d7

    Bizarrely the patch contains several hundred lines of pointless whitespace changes, making it kind of hard to tell what was actually fixed…

    #8644
    Gary
    Guest

    strange indeed

    #8944
    Sandra
    Guest
    #21453
    Jacob
    Guest

    Litespeed flew too close to the sun……..

    #21454
    Frances
    Guest