Lucene search
K
LitespeedtechLitespeed Cache

15 matches found

CVE
CVE
added 2024/04/16 5:46 p.m.363 views

CVE-2023-40000

LiteSpeed Cache (WordPress plugin)

8.3CVSS8.9AI score0.54872EPSS
Web
CVE
CVE
added 2024/08/21 1:53 p.m.245 views

CVE-2024-28000

CVE-2024-28000 affects WordPress LiteSpeed Cache (LiteSpeed Cache plugin) versions from 1.9 through 6.3.0.1. The issue is an Incorrect Privilege Assignment that allows unauthenticated escalation to administrator, enabling full site control. Mitigation: update to plugin version 6.4.0+ (or a patche...

9.8CVSS6AI score0.68266EPSS
Web
CVE
CVE
added 2024/10/05 3:16 p.m.243 views

CVE-2024-47374

CVE-2024-47374 affects the WordPress LiteSpeed Cache plugin up to version 6.5.0.2. The vulnerability is a stored XSS caused by improper input neutralization during web page generation, enabling attackers to execute malicious scripts in victims’ browsers. Impact can include session hijacking or pa...

7.1CVSS6AI score0.0141EPSS
In wild
CVE
CVE
added 2024/10/20 11:26 a.m.202 views

CVE-2024-44000

CVE-2024-44000 affects LiteSpeed Cache for WordPress (versions before 6.5.0.1). Public details from multiple sources describe an authentication bypass vulnerability linked to insufficient credential protection, with several connected documents highlighting that debug logging can expose admin cook...

9.8CVSS7.4AI score0.83178EPSS
CVE
CVE
added 2024/10/29 9:57 a.m.177 views

CVE-2024-50550

The CVE-2024-50550 entry concerns the WordPress LiteSpeed Cache plugin (versions through 6.5.1) with an Incorrect Privilege Assignment vulnerability that enables privilege escalation. Reports attribute the root cause to weak hash verification in the crawler/role-simulation logic (is_role_simulati...

9.8CVSS7.4AI score0.00913EPSS
CVE
CVE
added 2024/10/05 3:17 p.m.116 views

CVE-2024-47373

CVE-2024-47373 is a stored Cross-Site Scripting (XSS) vulnerability in LiteSpeed Cache (WordPress plugin) affecting versions up to 6.5.0.2. The issue arises from improper neutralization of input during web page generation, enabling stored XSS. Public sources (NVD, Red Hat, Patchstack, CVE lists) ...

6.5CVSS5.9AI score0.00241EPSS
CVE
CVE
added 2024/09/25 8:31 a.m.115 views

CVE-2024-9169

CVE-2024-9169 (LiteSpeed Cache for WordPress) : A stored XSS exists in all versions up to 6.4.1 due to insufficient input sanitization and output escaping in plugin debug settings. Exploitation requires administrator-level privileges and affects multi-site installs or sites with unfiltered_html d...

5.5CVSS5.3AI score0.00265EPSS
CVE
CVE
added 2020/12/26 1:56 a.m.97 views

CVE-2020-29172

CVE-2020-29172 is a cross-site scripting vulnerability in the WordPress LiteSpeed Cache plugin prior to 3.6.1. The issue arises because the Toolbox Admin IPs/Server IP setting does not sanitize input, enabling injection of script payloads via the IP field. Some sources (WPVulnDB/OpenVAS explainer...

6.1CVSS6AI score0.0093EPSS
CVE
CVE
added 2024/07/24 3:17 a.m.82 views

CVE-2024-3246

CVE-2024-3246 affects LiteSpeed Cache for WordPress (versions

6.1CVSS6AI score0.00178EPSS
CVE
CVE
added 2024/10/16 1:12 p.m.81 views

CVE-2024-47637

CVE-2024-47637 is a path-traversal vulnerability in LiteSpeed Cache for WordPress (LiteSpeed Cache plugin) affecting versions up to 6.4.1. The issue enables relative path traversal due to insufficient input validation, with CVSS 3.1 base score 8.8 (HIGH). A fix is available: update to 6.5.1. Unti...

8.8CVSS5.9AI score0.00634EPSS
CVE
CVE
added 2024/04/16 5:51 p.m.78 views

CVE-2023-45000

CVE-2023-45000 is a Missing Authorization vulnerability affecting LiteSpeed Cache (WordPress) up to version 5.7, allowing unauthorized access via the API. The available documents confirm the issue and affected range but do not provide concrete exploitation details, affected sub-components, or a c...

8.2CVSS8.6AI score0.00413EPSS
CVE
CVE
added 2024/01/11 8:32 a.m.71 views

CVE-2023-4372

The CVE-2023-4372 entry describes a Stored Cross‑Site Scripting (XSS) vulnerability in the WordPress LiteSpeed Cache plugin (versions ≤ 5.6). The root cause is insufficient input sanitization and output escaping on attributes of the esi shortcode, enabling authenticated attackers with contributor...

6.4CVSS5.1AI score0.19684EPSS
CVE
CVE
added 2023/05/25 8:53 a.m.70 views

CVE-2022-46800

CVE-2022-46800 affects the WordPress LiteSpeed Cache plugin up to version 5.3. The issue is a Cross-Site Request Forgery (CSRF) vulnerability in the plugin, as described in multiple sources (NVD/Red Hat/OpenVAS overlaps). The exact root cause is not explicitly detailed in the provided documents b...

8.8CVSS7.1AI score0.00264EPSS
CVE
CVE
added 2022/01/03 12:49 p.m.68 views

CVE-2021-24963

The CVE-2021-24963 entry concerns the WordPress LiteSpeed Cache plugin prior to 4.4.4, where the qc_res parameter is not escaped before being echoed into admin-page JavaScript, enabling a Reflected Cross-Site Scripting vulnerability. Affected software: LiteSpeed Cache WordPress plugin (versions

4.8CVSS5AI score0.00654EPSS
Web
CVE
CVE
added 2022/01/03 12:49 p.m.63 views

CVE-2021-24964

CVE-2021-24964 affects the WordPress LiteSpeed Cache plugin prior to 4.4.4. The root issues are (1) failure to verify QUIC.cloud-origin requests, enabling an IP/check bypass via X-Forwarded-For to access certain endpoints, and (2) an endpoint that can inject CSS if a setting is enabled, which can...

6.1CVSS6.1AI score0.01216EPSS
Web