WordPress is the WordPress Foundation’s suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in versions of the WordPress LiteSpeed Cache plugin prior to 4.4.4, which stems from a failure to properly validate that requests are coming from the QUIC cloud server. An attacker could exploit this vulnerability to perform cross-site scripting attacks by sending requests to certain endpoints using specific X-Forwarded-For header values.