Security News > 2024 > October > WordPress LiteSpeed Cache Plugin Security Flaw Exposes Sites to XSS Attacks
2024-10-04 09:11
A new high-severity security flaw has been disclosed in the LiteSpeed Cache plugin for WordPress that could enable malicious actors to execute arbitrary JavaScript code under certain conditions. The flaw, tracked as CVE-2024-47374 (CVSS score: 7.2), has been described as a stored cross-site scripting (XSS) vulnerability impacting all versions of the plugin up to and including 6.5.0.2. It was
News URL
https://thehackernews.com/2024/10/wordpress-litespeed-cache-plugin.html
Related news
- New TCESB Malware Found in Active Attacks Exploiting ESET Security Scanner (source)
- Linux 'io_uring' security blindspot allows stealthy rootkit attacks (source)
- WordPress plugin disguised as a security tool injects backdoor (source)
- Fake Security Plugin on WordPress Enables Remote Admin Access for Attackers (source)
- Premium WordPress 'Motors' theme vulnerable to admin takeover attacks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-05 | CVE-2024-47374 | Cross-site Scripting vulnerability in Litespeedtech Litespeed Cache Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Stored XSS.This issue affects LiteSpeed Cache: from n/a through 6.5.0.2. | 6.1 |