WPScan researchers reported that threat actors are exploiting a high-severity vulnerability in the LiteSpeed Cache plugin for WordPress.
The vulnerability, tracked as CVE-2023-400-9056956 (CVSS score: 8.3), is an Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) issue in LiteSpeed Technologies LiteSpeed Cache that allows Stored XSS.
“The most common IP addresses that were probably scanning for vulnerable sites were 94.102.51.144, with 1,232,810 requests, and 31.43.191.220 with 70,472 requests,” reads the WPScan report.
The vulnerability was fixed in October 2023 with the release of version 5.7.0.1.
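A site owner can check both facts above at once: whether the installed plugin predates the 5.7.0.1 fix, and whether the two IP addresses WPScan names appear in the access log. The following is an added example, not code from WPScan or the article; it assumes the standard WordPress plugin header with a `Version:` line and access-log lines that begin with the client address, and the sample header and log lines are constructed.

```python
import re
from collections import Counter

FIXED_VERSION = "5.7.0.1"  # fixed release named in the article
SCANNER_IPS = {"94.102.51.144", "31.43.191.220"}  # addresses quoted from WPScan

# Constructed sample data (not real site content or real traffic).
SAMPLE_HEADER = "/**\n * Plugin Name: LiteSpeed Cache\n * Version: 5.6\n */"
SAMPLE_LOG = [
    '94.102.51.144 - - [01/May/2024:10:00:00 +0000] "GET / HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/May/2024:10:00:01 +0000] "GET / HTTP/1.1" 200 512',
    '31.43.191.220 - - [01/May/2024:10:00:02 +0000] "GET / HTTP/1.1" 200 512',
    '94.102.51.144 - - [01/May/2024:10:00:03 +0000] "GET / HTTP/1.1" 200 512',
]

def plugin_version(header_text):
    """Return the 'Version:' value from a plugin header comment, or None."""
    m = re.search(r"^[ \t/*#@]*Version:\s*([0-9][0-9.]*)", header_text, re.M | re.I)
    return m.group(1) if m else None

def as_tuple(text, width=4):
    """Turn '5.7' into (5, 7, 0, 0) so versions compare numerically."""
    parts = [int(p) for p in text.split(".") if p]
    return tuple(parts + [0] * (width - len(parts)))

def is_vulnerable(header_text):
    """True if older than the fix, False if not, None if no version found."""
    found = plugin_version(header_text)
    if found is None:
        return None
    return as_tuple(found) < as_tuple(FIXED_VERSION)

def scanner_hits(log_lines):
    """Count requests per listed address; the client IP is the first field."""
    hits = Counter()
    for line in log_lines:
        fields = line.split(None, 1)
        if fields and fields[0] in SCANNER_IPS:
            hits[fields[0]] += 1
    return hits

if __name__ == "__main__":
    print("older than fix:", is_vulnerable(SAMPLE_HEADER))
    print("requests from listed IPs:", dict(scanner_hits(SAMPLE_LOG)))
```

A match on these addresses shows only that the site was probed; the version check is what tells you whether the fix is in place.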
Pierluigi Paganini
(SecurityAffairs – hacking, UK Ministry of Defense)