61 matches found
CVE-2024-44000
Insufficiently Protected Credentials vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Authentication Bypass.This issue affects LiteSpeed Cache: from n/a through 6.5.0.1...
CVE-2024-50550
Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Privilege Escalation.This issue affects LiteSpeed Cache: from n/a through = 6.5.1...
CVE-2024-50550
The CVE-2024-50550 entry concerns the WordPress LiteSpeed Cache plugin (versions through 6.5.1) with an Incorrect Privilege Assignment vulnerability that enables privilege escalation. Reports attribute the root cause to weak hash verification in the crawler/role-simulation logic (is_role_simulati...
CVE-2024-50550 WordPress LiteSpeed Cache plugin <= 6.5.1 - Privilege Escalation vulnerability
Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Privilege Escalation.This issue affects LiteSpeed Cache: from n/a through = 6.5.1...
CVE-2024-44000 WordPress LiteSpeed Cache plugin < 6.5.0.1 - Unauthenticated Account Takeover via Cookie Leak vulnerability
Insufficiently Protected Credentials vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Authentication Bypass.This issue affects LiteSpeed Cache: from n/a through 6.5.0.1...
CVE-2024-47637
Relative Path Traversal vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Path Traversal.This issue affects LiteSpeed Cache: from n/a through = 6.4.1...
CVE-2024-47637
CVE-2024-47637 is a path-traversal vulnerability in LiteSpeed Cache for WordPress (LiteSpeed Cache plugin) affecting versions up to 6.4.1. The issue enables relative path traversal due to insufficient input validation, with CVSS 3.1 base score 8.8 (HIGH). A fix is available: update to 6.5.1. Unti...
CVE-2024-47374
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Stored XSS.This issue affects LiteSpeed Cache: from n/a through = 6.5.0.2...
CVE-2024-47373
CVE-2024-47373 is a stored Cross-Site Scripting (XSS) vulnerability in LiteSpeed Cache (WordPress plugin) affecting versions up to 6.5.0.2. The issue arises from improper neutralization of input during web page generation, enabling stored XSS. Public sources (NVD, Red Hat, Patchstack, CVE lists) ...
CVE-2024-47374
CVE-2024-47374 affects the WordPress LiteSpeed Cache plugin up to version 6.5.0.2. The vulnerability is a stored XSS caused by improper input neutralization during web page generation, enabling attackers to execute malicious scripts in victims’ browsers. Impact can include session hijacking or pa...
CVE-2024-28000
Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache.This issue affects LiteSpeed Cache: from n/a through = 6.3.0.1...
CVE-2024-28000
CVE-2024-28000 affects WordPress LiteSpeed Cache (LiteSpeed Cache plugin) versions from 1.9 through 6.3.0.1. The issue is an Incorrect Privilege Assignment that allows unauthenticated escalation to administrator, enabling full site control. Mitigation: update to plugin version 6.4.0+ (or a patche...
CVE-2023-40000
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Stored XSS.This issue affects LiteSpeed Cache: from n/a through 5.7...
CVE-2023-45000
Missing Authorization vulnerability in LiteSpeed Technologies LiteSpeed Cache.This issue affects LiteSpeed Cache: from n/a through 5.7...
CVE-2023-45000 WordPress LiteSpeed Cache plugin <= 5.7 - Unauthenticated Broken Access Control on API vulnerability
Missing Authorization vulnerability in LiteSpeed Technologies LiteSpeed Cache.This issue affects LiteSpeed Cache: from n/a through 5.7...
CVE-2022-46800
Cross-Site Request Forgery CSRF vulnerability in LiteSpeed Technologies LiteSpeed Cache plugin = 5.3 versions...
Cross site request forgery (csrf)
Cross-Site Request Forgery CSRF vulnerability in LiteSpeed Technologies LiteSpeed Cache plugin = 5.3 versions...
CVE-2022-46800 WordPress LiteSpeed Cache Plugin <= 5.3 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in LiteSpeed Technologies LiteSpeed Cache plugin = 5.3 versions...
CVE-2022-0073
Improper Input Validation vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server dashboards allows Command Injection. This affects 1.7.0 versions before 1.7.16.1...
CVE-2022-0072
Directory Traversal vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server dashboards allows Path Traversal. This affects versions from 1.5.11 through 1.5.12, from 1.6.5 through 1.6.20.1, from 1.7.0 before 1.7.16.1...