CVE-2021-24964

moderate-risk
Published 2022-01-03

The LiteSpeed Cache WordPress plugin before 4.4.4 does not properly verify that requests are coming from QUIC.cloud servers, allowing attackers to make requests to certain endpoints by using a specific X-Forwarded-For header value. In addition, one of the endpoint could be used to set CSS code if a setting is enabled, which will then be output in some pages without being sanitised and escaped. Combining those two issues, an unauthenticated attacker could put Cross-Site Scripting payloads in pages visited by users.

Do I need to act?

!
14.8% chance of exploitation in next 30 days
EPSS score — higher than 85% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.1/10 Medium
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Litespeedtech

References (2)

Exploit https://wpscan.com/vulnerability/e9966b3e-2eb9-4d70-8c18-6a829b4827cc
Exploit https://wpscan.com/vulnerability/e9966b3e-2eb9-4d70-8c18-6a829b4827cc
40
/ 100
moderate-risk
Severity 23/34 · High
Exploitability 12/34 · Low
Exposure 5/34 · Minimal