ThreatPress

WordPress Vulnerability Database

Back

WordPress LiteSpeed Cache plugin <= 3.6 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Product
LiteSpeed Cache
Description
Authenticated Stored Cross-Site Scripting (XSS) vulnerability found by WonTae Jang in WordPress LiteSpeed Cache plugin (versions <= 3.6).
Solution
Update the WordPress LiteSpeed Cache plugin to the latest available version (at least 3.6.1).
Classification
Type XSS (Cross Site Scripting)
OWASP Top 10 A3: Cross Site Scripting (XSS)
References
Plugin changelog
CVE
Name CVE- 2020-29172
Versions
Affected In <= 3.6
Fixed In 3.6.1
Disclosure date
2020-12-26
Credits
WonTae Jang