Lucene search

K
nessusThis script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.WORDPRESS_PLUGIN_LITESPEED_CACHE_CVE-2023-40000.NASL
HistorySep 11, 2024 - 12:00 a.m.

WordPress Plugin 'LiteSpeed Cache' < 5.7.0.1 Stored XSS

2024-09-1100:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
4
wordpress
litespeed cache
stored xss
vulnerability
web page generation
update
cvss
exploits

CVSS3

8.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

AI Score

6.4

Confidence

High

The WordPress application running on the remote host has a version of the ‘LiteSpeed Cache’ plugin that is prior to 5.7.0.1. It is, therefore, affected by a stored XSS vulnerability due to improper neutralization of input during web page generation.

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(206970);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/09/12");

  script_cve_id("CVE-2023-40000");

  script_name(english:"WordPress Plugin 'LiteSpeed Cache' < 5.7.0.1 Stored XSS");

  script_set_attribute(attribute:"synopsis", value:
"The remote WordPress application has a plugin installed that is affected by a stored cross-site scripting vulnerability.");
  script_set_attribute(attribute:"description", value:
"The WordPress application running on the remote host has a version of the 'LiteSpeed Cache' plugin that is prior to 
5.7.0.1. It is, therefore, affected by a stored XSS vulnerability due to improper neutralization of input during web page 
generation.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://wordpress.org/plugins/litespeed-cache/");
  # https://patchstack.com/database/vulnerability/litespeed-cache/wordpress-litespeed-cache-plugin-5-7-unauthenticated-site-wide-stored-xss-vulnerability?_s_id=cve
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?2f0016e7");
  script_set_attribute(attribute:"solution", value:
"Update the 'LiteSpeed Cache' plugin to version 5.7.0.1 or later through the administrative dashboard.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-40000");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2024/02/27");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/02/27");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/09/11");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:litespeedtech:litespeed_cache");
  script_set_attribute(attribute:"enable_cgi_scanning", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("wordpress_plugin_detect.nbin");
  script_require_keys("installed_sw/WordPress", "www/PHP");
  script_exclude_keys("Settings/disable_cgi_scanning");
  script_require_ports("Services/www", 80);

  exit(0);
}

include('vcf.inc');
include('vcf_extras.inc');

var app_info = vcf::wordpress::plugin::get_app_info(plugin:'litespeed-cache');

var constraints = [
  { 'fixed_version': '5.7.0.1'}
];

vcf::check_version_and_report(
  app_info:app_info,
  constraints:constraints,
  severity:SECURITY_HOLE,
  flags:{'xss':TRUE}
);

CVSS3

8.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

AI Score

6.4

Confidence

High

Related for WORDPRESS_PLUGIN_LITESPEED_CACHE_CVE-2023-40000.NASL