Security News > 2024 > October > WordPress LiteSpeed Cache Plugin Security Flaw Exposes Sites to XSS Attacks
2024-10-04 09:11
A new high-severity security flaw has been disclosed in the LiteSpeed Cache plugin for WordPress that could enable malicious actors to execute arbitrary JavaScript code under certain conditions. The flaw, tracked as CVE-2024-47374 (CVSS score: 7.2), has been described as a stored cross-site scripting (XSS) vulnerability impacting all versions of the plugin up to and including 6.5.0.2. It was
News URL
https://thehackernews.com/2024/10/wordpress-litespeed-cache-plugin.html
Related news
- W3 Total Cache plugin flaw exposes 1 million WordPress sites to attacks (source)
- Microsoft Fixes AI, Cloud, and ERP Security Flaws; One Exploited in Active Attacks (source)
- Update your OpenWrt router! Security issue made supply chain attack possible (source)
- CERT-UA Warns of Phishing Attacks Targeting Ukraine’s Defense and Security Force (source)
- 390,000 WordPress accounts stolen from hackers in supply chain attack (source)
- Cross-Domain Attacks: A Growing Threat to Modern Security and How to Combat Them (source)
- WP3.XYZ malware attacks add rogue admins to 5,000+ WordPress sites (source)
- Patch Tuesday: January 2025 Security Update Patches Exploited Elevation of Privilege Attacks (source)
- Balancing usability and security in the fight against identity-based attacks (source)