LiteSpeed Cache Plugin Flaw Let Attackers Inject Malicious Code, 5M+ Sites Impacted
- Source: Vulnerability (cybersecuritynews.com)
Author: Dhivya
The popular LiteSpeed Cache plugin for WordPress has been found vulnerable to a Cross-Site Request Forgery (CSRF) attack, which could potentially impact over 5 million websites.
The flaw, identified as CVE-2024-3246, was publicly disclosed on July 23, 2024, and has been assigned a CVSS score of 6.1, categorizing it as a medium-severity vulnerability.
CVE-2024-3246 – LiteSpeed Cache Plugin Flaw
According to the Wordfence report, the vulnerability, discovered by security researcher Krzysztof Zając from CERT PL, affects all versions of the LiteSpeed Cache plugin up to and including 6.2.0.1.
The flaw stems from missing or incorrect nonce validation, a critical security measure to prevent CSRF attacks.
This oversight allows unauthenticated attackers to update the token setting and inject malicious JavaScript code via a forged request.
For the attack to succeed, the attacker must trick a site administrator into performing an action, such as clicking a malicious link.
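To show why the missing nonce check matters, the following added example (not the plugin's code and not from the Wordfence report) models a settings handler with and without per-user, per-action nonce validation. The function names, the `save_token` action, the simplified HMAC nonce scheme and the alphanumeric token format are all assumptions made for illustration.

```python
import hashlib
import hmac
import time

SECRET = b"constructed-demo-secret"  # constructed value; a real site uses its own secret salt
TICK_SECONDS = 12 * 60 * 60          # assumed nonce window for this model


def _mac(tick, user_id, session, action):
    msg = f"{tick}|{action}|{user_id}|{session}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()[:20].encode()


def make_nonce(user_id, session, action, now=None):
    """Token bound to user, session, action and the current time window."""
    tick = int((time.time() if now is None else now) // TICK_SECONDS)
    return _mac(tick, user_id, session, action).decode()


def verify_nonce(nonce, user_id, session, action, now=None):
    """Accept the current or previous window; compare in constant time."""
    tick = int((time.time() if now is None else now) // TICK_SECONDS)
    got = str(nonce or "").encode()
    return any(hmac.compare_digest(got, _mac(t, user_id, session, action))
               for t in (tick, tick - 1))


def save_setting_unchecked(settings, request, user):
    """'Before' form: trusts the admin session alone, so any request the
    admin's browser sends is treated as intended by the admin."""
    if not user["is_admin"]:
        return False
    settings["token"] = request["token"]
    return True


def save_setting_checked(settings, request, user):
    """Hardened form: capability check, nonce check, then input validation."""
    if not user["is_admin"]:
        return False
    if not verify_nonce(request.get("nonce"), user["id"], user["session"], "save_token"):
        return False              # a cross-site request cannot supply a valid nonce
    value = request.get("token", "")
    if not value.isalnum():       # assumption: the setting is an alphanumeric token
        return False
    settings["token"] = value
    return True
```

The input validation in the hardened handler is a second layer: even a request with a valid nonce cannot store markup in the setting.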
Vulnerability Details:
Affected Version