Security News > 2024 > October > WordPress LiteSpeed Cache Plugin Security Flaw Exposes Sites to XSS Attacks

2024-10-04 09:11
A new high-severity security flaw has been disclosed in the LiteSpeed Cache plugin for WordPress that could enable malicious actors to execute arbitrary JavaScript code under certain conditions. The flaw, tracked as CVE-2024-47374 (CVSS score: 7.2), has been described as a stored cross-site scripting (XSS) vulnerability impacting all versions of the plugin up to and including 6.5.0.2. It was
News URL
https://thehackernews.com/2024/10/wordpress-litespeed-cache-plugin.html
Related news
- WordPress security plugin WP Ghost vulnerable to remote code execution bug (source)
- AI-Powered SaaS Security: Keeping Pace with an Expanding Attack Surface (source)
- New TCESB Malware Found in Active Attacks Exploiting ESET Security Scanner (source)
- Linux 'io_uring' security blindspot allows stealthy rootkit attacks (source)
- WordPress plugin disguised as a security tool injects backdoor (source)
- Fake Security Plugin on WordPress Enables Remote Admin Access for Attackers (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-10-05 | CVE-2024-47374 | Cross-site Scripting vulnerability in Litespeedtech Litespeed Cache Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Stored XSS.This issue affects LiteSpeed Cache: from n/a through 6.5.0.2. | 6.1 |