Lucene search
K

231 matches found

Positive Technologies
Positive Technologies
added 2024/10/02 12:0 a.m.3 views

PT-2024-32592

Name of the Vulnerable Software and Affected Versions LiteSpeed Cache versions through 6.5.0.2 Description The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS, which can be exploited by attackers t...

7.1CVSS6.3AI score0.0141EPSS
Exploits0References50
Patchstack
Patchstack
added 2024/09/30 11:56 a.m.6 views

WordPress LiteSpeed Cache plugin <= 6.4.1 - Path Traversal vulnerability

Path Traversal vulnerability discovered by TaiYou Patchstack Alliance in WordPress Plugin LiteSpeed Cache versions = 6.4.1...

8.8CVSS7AI score0.00634EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/09/30 10:10 a.m.4 views

WordPress LiteSpeed Cache plugin <= 6.5.0.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by TaiYou Patchstack Alliance in WordPress Plugin LiteSpeed Cache versions = 6.5.0.2...

6.5CVSS6.1AI score0.00241EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/09/30 8:59 a.m.6 views

WordPress LiteSpeed Cache plugin <= 6.5.0.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by TaiYou Patchstack Alliance in WordPress Plugin LiteSpeed Cache versions = 6.5.0.2...

7.1CVSS6.1AI score0.0141EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/09/30 12:0 a.m.32 views

WordPress LiteSpeed Cache Plugin <= 6.4.1 is vulnerable to Path Traversal

Software LiteSpeed Cache Type Plugin Vulnerable versions = 6.4.1 Fixed in 6.5.1 OWASP Top 10 A3: Injection Classification Path Traversal CVE CVE-2024-47637 Patch priority Low CVSS severity Low 8.8 Developer Hai Zheng / Lite Speed Cache PSID 9f05c0b173ee Credits TaiYou Required privilege Author...

8.8CVSS6.8AI score0.00634EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/09/30 12:0 a.m.18 views

WordPress LiteSpeed Cache Plugin <= 6.5.0.2 is vulnerable to Cross Site Scripting (XSS)

Software LiteSpeed Cache Type Plugin Vulnerable versions = 6.5.0.2 Fixed in 6.5.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-47374 Patch priority Medium CVSS severity Medium 7.1 Developer Hai Zheng / Lite Speed Cache PSID b2ad66b394ec Credits TaiYou Required...

7.1CVSS6.5AI score0.0141EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/09/30 12:0 a.m.17 views

WordPress LiteSpeed Cache Plugin <= 6.5.0.2 is vulnerable to Cross Site Scripting (XSS)

Software LiteSpeed Cache Type Plugin Vulnerable versions = 6.5.0.2 Fixed in 6.5.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-47373 Patch priority Low CVSS severity Low 6.5 Developer Hai Zheng / Lite Speed Cache PSID 8df7cd2befd2 Credits TaiYou Required privile...

6.5CVSS6.5AI score0.00241EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2024/09/25 9:15 a.m.1 views

CVE-2024-9169

The LiteSpeed Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin debug settings in all versions up to, and including, 6.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

4.8CVSS5.9AI score
Exploits0References2
NVD
NVD
added 2024/09/25 9:15 a.m.27 views

CVE-2024-9169

The LiteSpeed Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin debug settings in all versions up to, and including, 6.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

5.5CVSS0.00265EPSS
Exploits0References2
CVE
CVE
added 2024/09/25 8:31 a.m.114 views

CVE-2024-9169

CVE-2024-9169 (LiteSpeed Cache for WordPress) : A stored XSS exists in all versions up to 6.4.1 due to insufficient input sanitization and output escaping in plugin debug settings. Exploitation requires administrator-level privileges and affects multi-site installs or sites with unfiltered_html d...

5.5CVSS5.3AI score0.00265EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/09/25 1:33 a.m.7 views

WordPress litespeed cache plugin <= 6.4.1 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting vulnerability discovered by WordFence in WordPress Plugin LiteSpeed Cache versions = 6.4.1...

5.5CVSS5.7AI score0.00265EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/09/25 12:0 a.m.3 views

PT-2024-39467 · WordPress · Litespeed Cache

Name of the Vulnerable Software and Affected Versions: LiteSpeed Cache plugin for WordPress versions up to, and including, 6.4.1 Description: The issue is related to Stored Cross-Site Scripting via plugin debug settings due to insufficient input sanitization and output escaping. This allows...

5.5CVSS6.2AI score0.00265EPSS
Exploits0References8
CNNVD
CNNVD
added 2024/09/25 12:0 a.m.4 views

WordPress plugin LiteSpeed Cache 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

5.5CVSS5.9AI score0.00265EPSS
Exploits0References3
Patchstack
Patchstack
added 2024/09/25 12:0 a.m.17 views

WordPress LiteSpeed Cache Plugin <= 6.4.1 is vulnerable to Cross Site Scripting (XSS)

Software LiteSpeed Cache Type Plugin Vulnerable versions = 6.4.1 Fixed in 6.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9169 Patch priority Low CVSS severity Low 5.9 Developer Hai Zheng / Lite Speed Cache PSID 86505b2e63f8 Credits WordFence...

5.5CVSS5.8AI score0.00265EPSS
Exploits0References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/09/24 12:0 a.m.10 views

LiteSpeed Cache Plugin for WordPress < 6.5.0.1 Sensitive Information Exposure

The WordPress LiteSpeed Cache Plugin installed on the remote host is affected by an unauthenticated sensitive information exposure via log files. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number. No source data...

9.8CVSS7.2AI score0.83178EPSS
Exploits7References3
0day.today
0day.today
added 2024/09/18 12:0 a.m.262 views

WordPress LiteSpeed Cache Cookie Theft Exploit

This Metasploit module exploits an unauthenticated account takeover vulnerability in LiteSpeed Cache, a WordPress plugin that currently has around 6 million active installations. In LiteSpeed Cache versions prior to 6.5.0.1, when the Debug Logging feature is enabled, the plugin will log admin...

9.8CVSS7.4AI score0.83178EPSS
Exploits7
Metasploit
Metasploit
added 2024/09/17 6:53 p.m.290 views

Wordpress LiteSpeed Cache plugin cookie theft

This module exploits an unauthenticated account takeover vulnerability in LiteSpeed Cache, a Wordpress plugin that currently has around 6 million active installations. In LiteSpeed Cache versions prior to 6.5.0.1, when the Debug Logging feature is enabled, the plugin will log admin cookies to the...

9.8CVSS8.1AI score0.83178EPSS
Exploits7
Packet Storm
Packet Storm
added 2024/09/17 12:0 a.m.224 views

WordPress LiteSpeed Cache Cookie Theft

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Wordpress LiteSpeed Cache plugin cookie theft', 'Description' = %q This module exploits an unauthenticated account takeover vulnerability in...

7.1AI score0.83178EPSS
Exploits7
BDU FSTEC
BDU FSTEC
added 2024/09/17 12:0 a.m.5 views

The vulnerability of the LiteSpeed Cache plugin for WordPress (LSCWP), a content management system for WordPress websites, allows a hacker to gain unauthorized access to the debug log file “/wp-content/debug.log”.

The vulnerability of the LiteSpeed Cache plugin for WordPress LSCWP, a content management system for WordPress websites, is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to the debug log file...

7.8CVSS8.1AI score0.83178EPSS
Exploits7References7Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/09/16 12:0 a.m.6 views

The vulnerability of the LiteSpeed Cache plugin for WordPress (LSCWP), a content management system for WordPress websites, relates to improper privilege assignment, allowing attackers to escalate their privileges.

The vulnerability of the LiteSpeed Cache plugin for WordPress LSCWP, a content management system for WordPress websites, is related to incorrect privilege assignment. Exploiting this vulnerability can allow an attacker to increase their privileges remotely...

10CVSS5.9AI score0.68266EPSS
Exploits8References3Affected Software1
Rows per page
Query Builder