CVE-2023-40000 PoC — WordPress Plugin LiteSpeed Cache 跨站脚本漏洞

Source

https://github.com/rxerium/CVE-2023-40000

Associated Vulnerability

Title:WordPress Plugin LiteSpeed Cache 跨站脚本漏洞 (CVE-2023-40000)
Description:WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是一个应用插件。 WordPress Plugin LiteSpeed Cache 5.7 版本及之前版本存在跨站脚本漏洞，该漏洞源于存在跨站脚本漏洞。

Description

LiteSpeed Cache plugin for WordPress that could enable unauthenticated users to escalate their privileges

Readme

# CVE-2023-40000
LiteSpeed Cache plugin for WordPress that could enable unauthenticated users to escalate their privileges

 ## How does this detection method work?

 This template looks at the following path: `/wp-content/plugins/litespeed-cache/readme.txt`

 Based on the `Stable Tag` listed, if the version is prior to `5.7.0.1` then it is considered to be vulnerable. 

 ## How do I run this template?

1. Download Nuclei from [here](https://github.com/projectdiscovery/nuclei)
2. Copy the template to your local system
3. Run the following command: `nuclei -u https://yourHost.com -t <file.yaml>` 

## References

- https://thehackernews.com/2024/02/wordpress-litespeed-plugin.html
- https://wordpress.org/plugins/litespeed-cache


## Disclaimer

Use at your own risk, I will not be responsible for illegal activities you conduct on infrastructure you do not own or have permission to scan.

File Snapshot


 [4.0K]  /data/pocs/a089420e8d1b8775ddc7783d314a44167cd61edb
├── [1.4K]  CVE-2023-40000.yaml
└── [ 896]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!