Lucene search
China National Vulnerability DatabaseCNVD-2022-08319HistoryJan 06, 2022 - 12:00 a.m.
WordPress LiteSpeed Cache plugin cross-site scripting vulnerability
2022-01-0600:00:00
China National Vulnerability Database
www.cnvd.org.cn
15
wordpress
litespeed cache
cross-site scripting
vulnerability
php
mysql
quic cloud server
EPSS
0.002
Percentile
55.2%
WordPress is the WordPress Foundation’s suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in versions of the WordPress LiteSpeed Cache plugin prior to 4.4.4, which stems from a failure to properly validate that requests are coming from the QUIC cloud server. An attacker could exploit this vulnerability to perform cross-site scripting attacks by sending requests to certain endpoints using specific X-Forwarded-For header values.
Related
wpexploit
wpexploit
LiteSpeed Cache < 4.4.4 - IP Check Bypass to Unauthenticated Stored XSS
2021-11-30 00:00:00
cvelist
cvelist
patchstack
patchstack
nvd
nvd
CVE-2021-24964
2022-01-03 13:15:08
wpvulndb
wpvulndb
LiteSpeed Cache < 4.4.4 - IP Check Bypass to Unauthenticated Stored XSS
2021-11-30 00:00:00
prion
prion
Cross site scripting
2022-01-03 13:15:00
cve
cve
CVE-2021-24964
2022-01-03 13:15:08
openvas
openvas
WordPress LiteSpeed Cache Plugin < 4.4.4 Multiple Vulnerabilities
2022-06-24 00:00:00