231 matches found
WordPress Plugin litespeed cache 3.6 - 'server_ip' Cross-Site Scripting
Exploit Title: WordPress Plugin litespeed-cache 3.6 - 'serverip' Cross-Site Scripting Date: 20-12-2020 Software Link: https://downloads.wordpress.org/plugin/litespeed-cache.3.6.zip Version: litespeed-cache Tested on: Windows 10 x64 Description: A Stored Cross-site scripting XSS was discovered in...
WordPress Litespeed Cache 3.6 Cross Site Scripting
Exploit Title: WordPress Plugin litespeed-cache 3.6 - 'serverip' Cross-Site Scripting Date: 20-12-2020 Software Link: https://downloads.wordpress.org/plugin/litespeed-cache.3.6.zip Version: litespeed-cache Tested on: Windows 10 x64 Description: A Stored Cross-site scripting XSS was discovered in...
CVE-2020-29172
A cross-site scripting XSS vulnerability in the LiteSpeed Cache plugin before 3.6.1 for WordPress can be exploited via the Server IP setting...
CVE-2020-29172
A cross-site scripting XSS vulnerability in the LiteSpeed Cache plugin before 3.6.1 for WordPress can be exploited via the Server IP setting...
Cross site scripting
A cross-site scripting XSS vulnerability in the LiteSpeed Cache plugin before 3.6.1 for WordPress can be exploited via the Server IP setting...
CVE-2020-29172
CVE-2020-29172 is a cross-site scripting vulnerability in the WordPress LiteSpeed Cache plugin prior to 3.6.1. The issue arises because the Toolbox Admin IPs/Server IP setting does not sanitize input, enabling injection of script payloads via the IP field. Some sources (WPVulnDB/OpenVAS explainer...
CVE-2020-29172
A cross-site scripting XSS vulnerability in the LiteSpeed Cache plugin before 3.6.1 for WordPress can be exploited via the Server IP setting...
LiteSpeed Cache < 3.6.1 - Authenticated Stored Cross-Site Scripting
The plugin does not sanitise invalid IPs given in its Toolbox page before displaying them in an error message. Submit a payload such as in the Admin IPs section of the Toolbox /wp-admin/admin.php?page=litespeed-toolbox...
LiteSpeed Cache < 3.6.1 - Authenticated Stored Cross-Site Scripting
The plugin does not sanitise invalid IPs given in its Toolbox page before displaying them in an error message. PoC Submit a payload such as in the Admin IPs section of the Toolbox /wp-admin/admin.php?page=litespeed-toolbox...
WordPress LiteSpeed Cache plugin <= 3.6 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting XSS vulnerability found by WonTae Jang in WordPress LiteSpeed Cache plugin versions = 3.6. Solution Update the WordPress LiteSpeed Cache plugin to the latest available version at least 3.6.1...
Wordpress LiteSpeed Cache Plugin Cross-Site Scripting Vulnerability
Wordpress LiteSpeed Cache Plugin is a Wordpress Foundation plugin that provides site caching functionality for Wordpress sites. The plugin supports object caching, minimizing static files, asynchronous loading, automatic cache clearing and other features. A cross-site scripting vulnerability exis...