POC详情: a089420e8d1b8775ddc7783d314a44167cd61edb

来源
https://github.com/rxerium/CVE-2023-40000
关联漏洞
标题: WordPress Plugin LiteSpeed Cache 跨站脚本漏洞 (CVE-2023-40000)
描述:WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是一个应用插件。 WordPress Plugin LiteSpeed Cache 5.7 版本及之前版本存在跨站脚本漏洞,该漏洞源于存在跨站脚本漏洞。
描述
LiteSpeed Cache plugin for WordPress that could enable unauthenticated users to escalate their privileges
介绍
# CVE-2023-40000
LiteSpeed Cache plugin for WordPress that could enable unauthenticated users to escalate their privileges

 ## How does this detection method work?

 This template looks at the following path: `/wp-content/plugins/litespeed-cache/readme.txt`

 Based on the `Stable Tag` listed, if the version is prior to `5.7.0.1` then it is considered to be vulnerable. 

 ## How do I run this template?

1. Download Nuclei from [here](https://github.com/projectdiscovery/nuclei)
2. Copy the template to your local system
3. Run the following command: `nuclei -u https://yourHost.com -t <file.yaml>` 

## References

- https://thehackernews.com/2024/02/wordpress-litespeed-plugin.html
- https://wordpress.org/plugins/litespeed-cache


## Disclaimer

Use at your own risk, I will not be responsible for illegal activities you conduct on infrastructure you do not own or have permission to scan.
文件快照

 [4.0K]  /data/pocs/a089420e8d1b8775ddc7783d314a44167cd61edb
├── [1.4K]  CVE-2023-40000.yaml
└── [ 896]  README.md

0 directories, 2 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。