CVE-2026-3375

The LiteSpeed Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the /wp-json/litespeed/v1/notifyccss and /wp-json/litespeed/v1/notifyucss REST API endpoints in all versions up to, and including, 7.7. These endpoints accept CSS content from QUIC.cloud callback notificatio...

CVE-2026-3375 LiteSpeed Cache <= 7.7 - Unauthenticated Stored Cross-Site Scripting via QUIC.cloud CCSS/UCSS REST API Endpoints

The LiteSpeed Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the /wp-json/litespeed/v1/notifyccss and /wp-json/litespeed/v1/notifyucss REST API endpoints in all versions up to, and including, 7.7. These endpoints accept CSS content from QUIC.cloud callback notificatio...

PT-2026-43546

The LiteSpeed Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the /wp-json/litespeed/v1/notify ccss and /wp-json/litespeed/v1/notify ucss REST API endpoints in all versions up to, and including, 7.7. These endpoints accept CSS content from QUIC.cloud callback...

WordPress LiteSpeed Cache plugin cross-site scripting vulnerability

WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in versions of the WordPress LiteSpeed Cache plugin prior t...

CVE-2021-24964

The LiteSpeed Cache WordPress plugin before 4.4.4 does not properly verify that requests are coming from QUIC.cloud servers, allowing attackers to make requests to certain endpoints by using a specific X-Forwarded-For header value. In addition, one of the endpoint could be used to set CSS code if...