WordPress LiteSpeed Cache Vulnerability [CVE-2020-29172]
Security Research

CVE-2020-29172 is a cross-site scripting (XSS) vulnerability in the LiteSpeed Cache plugin for WordPress prior to 3.6.1, exploitable through the Server IP option. The plugin does not sanitize invalid IPs given in its Toolbox page before displaying them in an error message, which results in stored XSS. XSS is the second most common problem in the OWASP Top 10, appearing in almost two-thirds of all applications.
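The flaw class described above, shown as an added example that is not the plugin's own code: an unescaped error message beside a hardened handler that validates the Server IP before storing it and encodes it on output. The function names, option key and sample inputs are hypothetical and constructed for illustration.

```php
<?php
// Added illustration; function names and the 'server_ip' key are hypothetical,
// not taken from LiteSpeed Cache.

// Vulnerable pattern: the rejected value is placed into the notice as-is,
// so any markup it contains becomes part of the admin page.
function server_ip_error_unsafe(string $ip): string
{
    return '<div class="notice notice-error">Invalid Server IP: ' . $ip . '</div>';
}

// Hardened pattern: encode for the HTML context at output time.
function server_ip_error_safe(string $ip): string
{
    $shown = htmlspecialchars($ip, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<div class="notice notice-error">Invalid Server IP: ' . $shown . '</div>';
}

// Validate before storing, so a non-IP value is never persisted.
// Returns an error notice (HTML) on rejection, or null on success.
function save_server_ip(array &$options, string $submitted): ?string
{
    $ip = trim($submitted);
    if ($ip === '') {
        unset($options['server_ip']); // empty input clears the setting
        return null;
    }
    if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
        return server_ip_error_safe($ip);
    }
    $options['server_ip'] = $ip;
    return null;
}

// Constructed sample inputs: valid IPv4, valid IPv6, and a non-IP string
// containing harmless markup.
$options = [];
foreach (['203.0.113.10', '2001:db8::1', '<b>not-an-ip</b>'] as $input) {
    $error = save_server_ip($options, $input);
    echo $error ?? "stored: {$options['server_ip']}", PHP_EOL;
}

// For comparison: the unsafe notice carries the markup through unencoded.
echo server_ip_error_unsafe('<b>not-an-ip</b>'), PHP_EOL;
```

Inside WordPress, `esc_html()` is the usual output-encoding call in place of `htmlspecialchars()`.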

Key Pointers:
  • Introduction to LiteSpeed Cache Vulnerability and XSS
  • Taking a look at the severity of the vulnerability
  • Making a note on the remediation for the vulnerability
  • Setting up the lab and understanding the exploitation scenario
  • Performing the exploit in the lab environment
