Litespeed Cache Security Vulnerabilities and Issues — Litespeed Cache CVE List

Lucene search

LitespeedtechLitespeed Cache

5 matches found

CVE•added 2020/12/26 2:15 a.m.•78 views

CVE-2020-29172

A cross-site scripting (XSS) vulnerability in the LiteSpeed Cache plugin before 3.6.1 for WordPress can be exploited via the Server IP setting.

6.1CVSS6AI score0.00334EPSS

CVE•added 2024/07/24 4:15 a.m.•59 views

CVE-2024-3246

The LiteSpeed Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.2.0.1. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to update the token setting and inject malicious JavaScript ...

6.1CVSS6AI score0.00035EPSS

CVE•added 2024/01/11 9:15 a.m.•54 views

CVE-2023-4372

The LiteSpeed Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'esi' shortcode in versions up to, and including, 5.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contrib...

6.4CVSS5.1AI score0.01532EPSS

CVE•added 2024/10/05 4:15 p.m.•45 views

CVE-2024-47373

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Stored XSS.This issue affects LiteSpeed Cache: from n/a through 6.5.0.2.

6.5CVSS6.7AI score0.00055EPSS

CVE•added 2022/01/03 1:15 p.m.•37 views

CVE-2021-24964

The LiteSpeed Cache WordPress plugin before 4.4.4 does not properly verify that requests are coming from QUIC.cloud servers, allowing attackers to make requests to certain endpoints by using a specific X-Forwarded-For header value. In addition, one of the endpoint could be used to set CSS code if a...

6.1CVSS6.1AI score0.14825EPSS