WordPress LiteSpeed Plugin Vulnerability Puts 5 Million Sites at Risk

2024-02-27 14:43

A security vulnerability has been disclosed in the LiteSpeed Cache plugin for WordPress that could enable unauthenticated users to escalate their privileges. Tracked as CVE-2023-40000, the vulnerability was addressed in October 2023 in version 5.7.0.1. "This plugin suffers from unauthenticated site-wide stored [cross-site scripting] vulnerability and could allow any unauthenticated user

News URL

https://thehackernews.com/2024/02/wordpress-litespeed-plugin.html

#vulnerability #wordpress #CVE-2023-40000

Related Vulnerability

DATE	CVE	VULNERABILITY TITLE	RISK
2024-04-16	CVE-2023-40000	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Stored XSS.This issue affects LiteSpeed Cache: from n/a through 5.7. CWE-79	0.0

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Wordpress		49	36	409	104	29	578
Plugin		2	0	13	0	0	13