Millions of WordPress sites vulnerable to compromise due to plugin bug

28 February 2024

More than five million WordPress sites could be compromised due to an unauthenticated site-wide cross-site scripting flaw in the LiteSpeed Cache plugin, tracked as CVE-2023-40000, which could be exploited to facilitate privilege escalation attacks, according to The Hacker News. Inadequate user input sanitization and escaping output have caused the vulnerability, which has been addressed in an October update but could be abused through a single HTTP request, a report from Patchstack showed.

Source: SC Magazine

Date:

28 February 2024

Categorie(s):

NEWS

Tag(s):

IT, Million, News, Plugins, Sites

Microsoft details broad plan to enhance its cybersecurity practices3 May 2024
You get a passkey, you get a passkey, everyone should get a passkey3 May 2024
Dell Advances Data Protection Portfolio Amid Rising Cyber Threats3 May 2024
Best Identity Theft Protection and Monitoring Services for 2024: Aura Is Our New Winner – CNET3 May 2024
Three insights you might have missed from theCUBE’s coverage of Dell Technologies’ ‘Building Cyber Resilience’ event3 May 2024