2 matches found
CVE-2021-24964 LiteSpeed Cache < 4.4.4 - IP Check Bypass to Unauthenticated Stored XSS
The LiteSpeed Cache WordPress plugin before 4.4.4 does not properly verify that requests are coming from QUIC.cloud servers, allowing attackers to make requests to certain endpoints by using a specific X-Forwarded-For header value. In addition, one of the endpoint could be used to set CSS code if...
CVE-2021-24964
CVE-2021-24964 affects the WordPress LiteSpeed Cache plugin prior to 4.4.4. The root issues are (1) failure to verify QUIC.cloud-origin requests, enabling an IP/check bypass via X-Forwarded-For to access certain endpoints, and (2) an endpoint that can inject CSS if a setting is enabled, which can...