CVE-2023-40000

HIGH EXPLOITED NUCLEI

LiteSpeed Cache < 5.7 - Unauthenticated Stored Cross-Site Scripting

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2023-40000 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 3 public exploits from researchers including rxerium, quantiom, iveresk. A Nuclei detection template is also available.

AI-analyzed exploit summary This repository contains a Nuclei template for detecting the presence of vulnerable versions of the LiteSpeed Cache WordPress plugin (CVE-2023-40000). It checks the version in readme.txt and flags versions below 5.7.0.1 as vulnerable.

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Stored XSS.This issue affects LiteSpeed Cache: from n/a through 5.7.

Exploits (3)

nomisec SCANNER 7 stars
by rxerium · infoleak
https://github.com/rxerium/CVE-2023-40000

This repository contains a Nuclei template for detecting the presence of vulnerable versions of the LiteSpeed Cache WordPress plugin (CVE-2023-40000). It checks the version in readme.txt and flags versions below 5.7.0.1 as vulnerable.

Classification
Scanner 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: WordPress LiteSpeed Cache plugin < 5.7.0.1
No auth needed
Prerequisites: Access to the target WordPress site
devstral-2 · analyzed Feb 18, 2026 Full analysis →
nomisec WORKING POC 5 stars
by quantiom · client-side
https://github.com/quantiom/litespeed-cache-xss-poc

This repository contains a functional proof-of-concept exploit for CVE-2023-40000, a stored XSS vulnerability in the LiteSpeed Cache WordPress plugin. The exploit leverages unsanitized input in the `update_cdn_status` function to inject malicious JavaScript, which creates an admin account and maintains persistence.

Classification
Working Poc 95%
Attack Type
Xss
Complexity
Moderate
Reliability
Reliable
Target: LiteSpeed Cache WordPress plugin < 5.7.0.1
No auth needed
Prerequisites: Vulnerable version of LiteSpeed Cache plugin · Access to the target WordPress site's `/wp-json/litespeed/v1/cdn_status` endpoint
devstral-2 · analyzed Feb 18, 2026 Full analysis →
nomisec WORKING POC 1 stars
by iveresk · client-side
https://github.com/iveresk/cve-2023-40000

This repository contains a functional exploit PoC for CVE-2023-40000, targeting the LiteSpeed Cache WordPress plugin. The exploit leverages an XSS vulnerability to create an administrator account via a crafted POST request to the vulnerable endpoint.

Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: LiteSpeed Cache < 5.7.0.1
No auth needed
Prerequisites: Target must have LiteSpeed Cache plugin installed and vulnerable version · Target must be accessible via HTTP/HTTPS
devstral-2 · analyzed Feb 18, 2026 Full analysis →

Nuclei Templates (1)

LiteSpeed Cache <= 5.7 - Unauthenticated Stored XSS
HIGHVERIFIEDby 0x_Akoko
Shodan: vuln:CVE-2023-40000
FOFA: wp-content/plugins/litespeed-cache/

References (2)

Core 2

Scores

CVSS v3 8.3
EPSS 0.5338
EPSS Percentile 98.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

VulnCheck KEV 2024-05-03
CWE
CWE-79
Status published
Products (2)
LiteSpeed Technologies/LiteSpeed Cache < 5.7
litespeedtech/litespeed_cache < 5.7.0.1
Published Apr 16, 2024
Tracked Since Feb 18, 2026