231 matches found
PT-2024-32592
Name of the Vulnerable Software and Affected Versions LiteSpeed Cache versions through 6.5.0.2 Description The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS, which can be exploited by attackers t...
WordPress LiteSpeed Cache plugin <= 6.4.1 - Path Traversal vulnerability
Path Traversal vulnerability discovered by TaiYou Patchstack Alliance in WordPress Plugin LiteSpeed Cache versions = 6.4.1...
WordPress LiteSpeed Cache plugin <= 6.5.0.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by TaiYou Patchstack Alliance in WordPress Plugin LiteSpeed Cache versions = 6.5.0.2...
WordPress LiteSpeed Cache plugin <= 6.5.0.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by TaiYou Patchstack Alliance in WordPress Plugin LiteSpeed Cache versions = 6.5.0.2...
WordPress LiteSpeed Cache Plugin <= 6.4.1 is vulnerable to Path Traversal
Software LiteSpeed Cache Type Plugin Vulnerable versions = 6.4.1 Fixed in 6.5.1 OWASP Top 10 A3: Injection Classification Path Traversal CVE CVE-2024-47637 Patch priority Low CVSS severity Low 8.8 Developer Hai Zheng / Lite Speed Cache PSID 9f05c0b173ee Credits TaiYou Required privilege Author...
WordPress LiteSpeed Cache Plugin <= 6.5.0.2 is vulnerable to Cross Site Scripting (XSS)
Software LiteSpeed Cache Type Plugin Vulnerable versions = 6.5.0.2 Fixed in 6.5.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-47374 Patch priority Medium CVSS severity Medium 7.1 Developer Hai Zheng / Lite Speed Cache PSID b2ad66b394ec Credits TaiYou Required...
WordPress LiteSpeed Cache Plugin <= 6.5.0.2 is vulnerable to Cross Site Scripting (XSS)
Software LiteSpeed Cache Type Plugin Vulnerable versions = 6.5.0.2 Fixed in 6.5.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-47373 Patch priority Low CVSS severity Low 6.5 Developer Hai Zheng / Lite Speed Cache PSID 8df7cd2befd2 Credits TaiYou Required privile...
CVE-2024-9169
The LiteSpeed Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin debug settings in all versions up to, and including, 6.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
CVE-2024-9169
The LiteSpeed Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin debug settings in all versions up to, and including, 6.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
CVE-2024-9169
CVE-2024-9169 (LiteSpeed Cache for WordPress) : A stored XSS exists in all versions up to 6.4.1 due to insufficient input sanitization and output escaping in plugin debug settings. Exploitation requires administrator-level privileges and affects multi-site installs or sites with unfiltered_html d...
WordPress litespeed cache plugin <= 6.4.1 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability
Authenticated Administrator+ Stored Cross-Site Scripting vulnerability discovered by WordFence in WordPress Plugin LiteSpeed Cache versions = 6.4.1...
PT-2024-39467 · WordPress · Litespeed Cache
Name of the Vulnerable Software and Affected Versions: LiteSpeed Cache plugin for WordPress versions up to, and including, 6.4.1 Description: The issue is related to Stored Cross-Site Scripting via plugin debug settings due to insufficient input sanitization and output escaping. This allows...
WordPress plugin LiteSpeed Cache 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
WordPress LiteSpeed Cache Plugin <= 6.4.1 is vulnerable to Cross Site Scripting (XSS)
Software LiteSpeed Cache Type Plugin Vulnerable versions = 6.4.1 Fixed in 6.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9169 Patch priority Low CVSS severity Low 5.9 Developer Hai Zheng / Lite Speed Cache PSID 86505b2e63f8 Credits WordFence...
LiteSpeed Cache Plugin for WordPress < 6.5.0.1 Sensitive Information Exposure
The WordPress LiteSpeed Cache Plugin installed on the remote host is affected by an unauthenticated sensitive information exposure via log files. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number. No source data...
WordPress LiteSpeed Cache Cookie Theft Exploit
This Metasploit module exploits an unauthenticated account takeover vulnerability in LiteSpeed Cache, a WordPress plugin that currently has around 6 million active installations. In LiteSpeed Cache versions prior to 6.5.0.1, when the Debug Logging feature is enabled, the plugin will log admin...
Wordpress LiteSpeed Cache plugin cookie theft
This module exploits an unauthenticated account takeover vulnerability in LiteSpeed Cache, a Wordpress plugin that currently has around 6 million active installations. In LiteSpeed Cache versions prior to 6.5.0.1, when the Debug Logging feature is enabled, the plugin will log admin cookies to the...
WordPress LiteSpeed Cache Cookie Theft
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Wordpress LiteSpeed Cache plugin cookie theft', 'Description' = %q This module exploits an unauthenticated account takeover vulnerability in...
The vulnerability of the LiteSpeed Cache plugin for WordPress (LSCWP), a content management system for WordPress websites, allows a hacker to gain unauthorized access to the debug log file “/wp-content/debug.log”.
The vulnerability of the LiteSpeed Cache plugin for WordPress LSCWP, a content management system for WordPress websites, is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to the debug log file...
The vulnerability of the LiteSpeed Cache plugin for WordPress (LSCWP), a content management system for WordPress websites, relates to improper privilege assignment, allowing attackers to escalate their privileges.
The vulnerability of the LiteSpeed Cache plugin for WordPress LSCWP, a content management system for WordPress websites, is related to incorrect privilege assignment. Exploiting this vulnerability can allow an attacker to increase their privileges remotely...