CVE-2021-24963: 
WordPress vulnerability analysis and mitigation

The LiteSpeed Cache WordPress plugin before version 4.4.4 contains a Reflected Cross-Site Scripting (XSS) vulnerability identified as CVE-2021-24963. The vulnerability was discovered in the plugin's admin page functionality and was publicly disclosed on January 3, 2022 (NVD).

The vulnerability exists because the plugin fails to properly escape the 'qc_res' parameter before outputting it back in the JavaScript code of an admin page. The vulnerability has been assigned a CVSS v3.1 base score of 4.8 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N, and a CVSS v2.0 score of 3.5 (Low) (NVD).

If exploited, this vulnerability could allow an authenticated attacker with administrative privileges to execute arbitrary JavaScript code in the context of other users' browsers who visit the affected admin page. This could potentially lead to theft of sensitive information or manipulation of the admin interface (WPScan).

The vulnerability has been fixed in version 4.4.4 of the LiteSpeed Cache WordPress plugin. Site administrators are advised to update to this version or later to mitigate the risk (WPScan).