CVE-2023-4372

Summary

CVE-2023-4372 is a vulnerability affecting the LiteSpeed Cache plugin for WordPress up to version 5.6. It is categorized as a Stored Cross-Site Scripting (XSS) vulnerability and is caused by insufficient input sanitization and output escaping on user supplied attributes. This allows authenticated attackers with contributor-level or higher permissions to inject arbitrary web scripts that will execute whenever a user accesses an injected page. The vulnerability has a medium severity rating, with a base score of 6.4 according to CVSS v3.1. The affected products include a wide range of versions within the gpDVo series. To remediate the vulnerability, users are advised to update their LiteSpeed Cache plugin to a version beyond 5.6 that includes the necessary security fixes. If left unpatched, this vulnerability can pose potential danger to organizations using the affected products, as it can lead to unauthorized script execution on their WordPress pages and compromise user data confidentiality and integrity.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.